In my Ruby on Rails application, I am trying to protect part of the public folder using apache .htaccess feature to prevent access from files to non-authentified people. So I have place a .htpasswd file to protect this folder and set up apache accordingly and this work... prompting me for login/password to access the files.
I use the restful authentication plugin to authentify users to their credential. My idea was to do:
What I did, in the application controller:
helper_method :set_http_auth
def set_http_auth
request.env['HTTP_AUTHORIZATION'] = AutionController::HttpAuthentication::Basic.encode_credentials("myLogin","myPassword")
end
Then call the before_filter in the controller to set the value.
It seems like it's doing the job, I get HTTP_AUTHORIZATION set into my request.env array but unfortunately the browser still prompts me for login/passwd if i try to get file from the protected folder (such as image).
If anybody has an idea, I'm all ears :) Thanks!
I found a solution that could be suitable: Here but it would require major changes in my application.
So instead, I chose to protect the folder using apache cookie detection and then check if the cookie was existing when trying to access the file (the cookie getting set upon user's authentication).
Email me is you want details...