2 false 2008-08-14T17:38:31-05:00 29039 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-09-23T07:57:10-05:00 29854 Paul Gallagher Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 This is the first time I have used RA, but when I installed and configured everything, if I use Firefox, everything works fine - I am redirected to /sessions/new and can login. If I use IE, I can go to /sessions/new and login, but if i first go to /home which has a before_filter :login_required on the top of the controller, it doesn't redirect me to /sessions/new to login, it gives me the windows username and password screen attached. The username and password does not work in this screen and will not work. Not sure if this is a bug or something I am doing wrong (probably me). I would appreciate any advice or help in fixing this. If you need more details or any code let me know. Thanks, Brian This is the first time I have used RA, but when I installed and configured everything, if I use Firefox, everything works fine - I am redirected to /sessions/new and can login. If I use IE, I can go to /sessions/new and login, but if i first go to /home which has a before_filter :login_required on the top of the controller, it doesn't redirect me to /sessions/new to login, it gives me the windows username and password screen attached. The username and password does not work in this screen and will not work. Not sure if this is a bug or something I am doing wrong (probably me). I would appreciate any advice or help in fixing this. If you need more details or any code let me know. Thanks, Brian <div><p>This is the first time I have used RA, but when I installed and configured everything, if I use Firefox, everything works fine - I am redirected to /sessions/new and can login. If I use IE, I can go to /sessions/new and login, but if i first go to /home which has a before_filter :login_required on the top of the controller, it doesn't redirect me to /sessions/new to login, it gives me the windows username and password screen attached. The username and password does not work in this screen and will not work. Not sure if this is a bug or something I am doing wrong (probably me). I would appreciate any advice or help in fixing this. If you need more details or any code let me know.</p> <p>Thanks,</p> <p>Brian</p></div> 20241 1 This is the first time I have used RA, but when I installed and configured everything, if I use Firefox, everything works fine - I am redirected to /sessions/new and can login. If I use IE, I can go to /sessions/new and login, but if i first go to /home which has a before_filter :login_required on the top of the controller, it doesn't redirect me to /sessions/new to login, it gives me the windows username and password screen attached. The username and password does not work in this screen and will not work. Not sure if this is a bug or something I am doing wrong (probably me). I would appreciate any advice or help in fixing this. If you need more details or any code let me know. Thanks, Brian <div><p>This is the first time I have used RA, but when I installed and configured everything, if I use Firefox, everything works fine - I am redirected to /sessions/new and can login. If I use IE, I can go to /sessions/new and login, but if i first go to /home which has a before_filter :login_required on the top of the controller, it doesn't redirect me to /sessions/new to login, it gives me the windows username and password screen attached. The username and password does not work in this screen and will not work. Not sure if this is a bug or something I am doing wrong (probably me). I would appreciate any advice or help in fixing this. If you need more details or any code let me know.</p> <p>Thanks,</p> <p>Brian</p></div> false 2008-08-14T17:38:31-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working 0 15332 new 2008-08-14T17:38:31-05:00 29039 Brian Evans Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 mrflip 20241 1 Hmm -- I am going to be of little help debugging this since I am a mac weenie. You may want to see if you can recruit another windows user from the [#rails IRC channel](http://www.rubyonrails.org/community) or [railsforum](http://railsforum.com/). What server is your code running on? Does it fail if you have your code on a remote (non-windows) machine and use IE? Even if rest_auth somehow decided to ask IE for http basic, I don't understand why that username and password would fail. the http basic code just checks that same username/password against the DB. <div><p>Hmm -- I am going to be of little help debugging this since I am a mac weenie. You may want to see if you can recruit another windows user from the <a href="http://www.rubyonrails.org/community">#rails IRC channel</a> or <a href="http://railsforum.com/">railsforum</a>.</p> <p>What server is your code running on? Does it fail if you have your code on a remote (non-windows) machine and use IE?</p> <p>Even if rest_auth somehow decided to ask IE for http basic, I don't understand why that username and password would fail. the http basic code just checks that same username/password against the DB.</p></div> false 2008-08-18T08:55:04-05:00 29039 --- :tag: "" :state: new 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-08-18T08:55:04-05:00 20241 mrflip Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 mrflip 20241 1 Lemme expand on the above: * I don't understand why it's asking for basic auth in the first place. This is supposed to be governed by the http request somehow. See if you can look at the request and figure out why rails is being fooled. * Also it should bounce you to try the password first. Trace through the login_by session, cookie and password paths and see why all fail? * Finally: why, once it has decided to ask for http basic auth, does that username and password fail? * Are you sure it's asking for http basic auth and not some crazy windows thing? <div><p>Lemme expand on the above:</p> <ul> <li><p>I don't understand why it's asking for basic auth in the first place. This is supposed to be governed by the http request somehow. See if you can look at the request and figure out why rails is being fooled.</p></li> <li><p>Also it should bounce you to try the password first. Trace through the login_by session, cookie and password paths and see why all fail?</p></li> <li><p>Finally: why, once it has decided to ask for http basic auth, does that username and password fail?</p></li> <li><p>Are you sure it's asking for http basic auth and not some crazy windows thing?</p></li> </ul></div> false 2008-08-18T09:00:43-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-08-18T09:00:43-05:00 20241 mrflip Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 mrflip 20241 1 thanks for the suggestions, I will do some more testing and see what I can find out. I work on a mac most of the time, and everything worked fine until it went live and the client couldn't login. That's when I found out it is an IE bug. Is there any way to disable http basic and see what happens then? I'll still check everything else and get back with you. <div><p>thanks for the suggestions, I will do some more testing and see what I can find out.</p> <p>I work on a mac most of the time, and everything worked fine until it went live and the client couldn't login. That's when I found out it is an IE bug.</p> <p>Is there any way to disable http basic and see what happens then?</p> <p>I'll still check everything else and get back with you.</p></div> false 2008-08-18T09:46:13-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-08-18T09:46:13-05:00 29039 Brian Evans Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 mrflip 20241 1 Another thing I noticed, is that if I go to domain.com/admin (which has the before_filter on it), I get the login screen, doesn't redirect me to the login script. If I go directly to domain.com/session/new, the login screen comes up and everything works fine, I can login and access everything. BTW, it is hosted on hostingrails.com, so it isn't hosted on a windows environment. <div><p>Another thing I noticed, is that if I go to domain.com/admin (which has the before_filter on it), I get the login screen, doesn't redirect me to the login script. If I go directly to domain.com/session/new, the login screen comes up and everything works fine, I can login and access everything.</p> <p>BTW, it is hosted on hostingrails.com, so it isn't hosted on a windows environment.</p></div> false 2008-08-18T09:48:46-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-08-18T09:48:46-05:00 29039 Brian Evans Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 mrflip 20241 1 Also, here is what is logged in the production.log. I am not sure what "filter chain halted" means: Processing DashboardController#index (for XX.XX.XX.XX at 2008-08-18 09:50:30) [GET] Session ID: BAh7BzoMY3NyZl9pZCIlZWEzZGNmOWUzZTJkOGMwNDM2MmNiNGM3N2JjZTVl YTYiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh c2h7AAY6CkB1c2VkewA=--2c2e19bd4de161431e7550b22033bb4e9f187b1a Parameters: {"action"=>"index", "controller"=>"dashboard"} Filter chain halted as [:login_required] rendered_or_redirected. Completed in 0.00071 (1404 reqs/sec) | Rendering: 0.00007 (10%) | DB: 0.00000 (0%) | 401 Unauthorized [http://www.domain.com/siteadmin/public/] <div><p>Also, here is what is logged in the production.log. I am not sure what "filter chain halted" means:</p> <p>Processing DashboardController#index (for XX.XX.XX.XX at 2008-08-18 09:50:30) [GET] Session ID: BAh7BzoMY3NyZl9pZCIlZWEzZGNmOWUzZTJkOGMwNDM2MmNiNGM3N2JjZTVl YTYiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh c2h7AAY6CkB1c2VkewA=--2c2e19bd4de161431e7550b22033bb4e9f187b1a Parameters: {"action"=>"index", "controller"=>"dashboard"} Filter chain halted as [:login_required] rendered_or_redirected. Completed in 0.00071 (1404 reqs/sec) | Rendering: 0.00007 (10%) | DB: 0.00000 (0%) | 401 Unauthorized [<a href="http://www.domain.com/siteadmin/public/">http://www.domain.com/siteadmin/...</a>]</p></div> false 2008-08-18T10:02:13-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-08-18T10:02:13-05:00 29039 Brian Evans Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 mrflip 20241 1 This is what happens when I use FireFox and access the same page - and it works - redirects me to the login page (even on windows): Processing SessionsController#new (for XX.XX.XX.XX at 2008-08-18 10:04:01) [GET] Session ID: BAh7BzoOcmV0dXJuX3RvIhcvc2l0ZWFkbWluL3B1YmxpYy8iCmZsYXNoSUM6 J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2Vk ewA=--627a7cb3ff7fcb8f63c8bcc778510f04357e4e77 Parameters: {"action"=>"new", "controller"=>"sessions"} Rendering template within layouts/login Rendering sessions/new Completed in 0.00119 (841 reqs/sec) | Rendering: 0.00107 (90%) | DB: 0.00000 (0%) | 200 OK [http://www.domain.com/siteadmin/public/session/new] <div><p>This is what happens when I use FireFox and access the same page - and it works - redirects me to the login page (even on windows):</p> <p>Processing SessionsController#new (for XX.XX.XX.XX at 2008-08-18 10:04:01) [GET] Session ID: BAh7BzoOcmV0dXJuX3RvIhcvc2l0ZWFkbWluL3B1YmxpYy8iCmZsYXNoSUM6 J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2Vk ewA=--627a7cb3ff7fcb8f63c8bcc778510f04357e4e77 Parameters: {"action"=>"new", "controller"=>"sessions"} Rendering template within layouts/login Rendering sessions/new Completed in 0.00119 (841 reqs/sec) | Rendering: 0.00107 (90%) | DB: 0.00000 (0%) | 200 OK [<a href="http://www.domain.com/siteadmin/public/session/new">http://www.domain.com/siteadmin/...</a>]</p></div> false 2008-08-18T10:05:47-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-08-18T10:05:47-05:00 29039 Brian Evans Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 mrflip 20241 1 I think filter_chain halted just refers to the before_filter that enforces logins. I'm now mostly wondering if something different in the HTTP request is fooling rails into asking for HTTP auth. It falls thru to HTTP auth in lib/authenticated_system.rb: @@@ # Redirect as appropriate when an access request fails. # # The default action is to redirect to the login screen. # # Override this method in your controllers if you want to have special # behavior in case the <%= file_name %> is not authorized # to access the requested action. For example, a popup window might # simply close itself. def access_denied respond_to do |format| format.html do store_location redirect_to new_<%= controller_routing_name %>_path end # format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987 # you may want to change format.any to e.g. format.any(:js, :xml) format.any do request_http_basic_authentication 'Web Password' end end end @@@ Try tracing through that method and see why it makes the decision it does. Can you dump the request and see if anything is obvs. different? (dump with logger.error, or turn down the [log threshold](http://wiki.rubyonrails.org/rails/pages/HowtoConfigureLogging) If you don't care about having HTTP auth for bot API access, you could try (code untested, YMMV) this to disable it: @@@ def access_denied store_location redirect_to new_<%= controller_routing_name %>_path end @@@ <div><p>I think filter_chain halted just refers to the before_filter that enforces logins.</p> <p>I'm now mostly wondering if something different in the HTTP request is fooling rails into asking for HTTP auth.</p> <p>It falls thru to HTTP auth in lib/authenticated_system.rb:</p> <pre><code> # Redirect as appropriate when an access request fails. # # The default action is to redirect to the login screen. # # Override this method in your controllers if you want to have special # behavior in case the &lt;%= file_name %&gt; is not authorized # to access the requested action. For example, a popup window might # simply close itself. def access_denied respond_to do |format| format.html do store_location redirect_to new_&lt;%= controller_routing_name %&gt;_path end # format.any doesn't work in rails version &lt; http://dev.rubyonrails.org/changeset/8987 # you may want to change format.any to e.g. format.any(:js, :xml) format.any do request_http_basic_authentication 'Web Password' end end end </code></pre> <p>Try tracing through that method and see why it makes the decision it does. Can you dump the request and see if anything is obvs. different? (dump with logger.error, or turn down the <a href="http://wiki.rubyonrails.org/rails/pages/HowtoConfigureLogging">log threshold</a></p> <p>If you don't care about having HTTP auth for bot API access, you could try (code untested, YMMV) this to disable it:</p> <pre><code> def access_denied store_location redirect_to new_&lt;%= controller_routing_name %&gt;_path end </code></pre></div> false 2008-08-18T10:44:04-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-08-18T10:44:04-05:00 20241 mrflip Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 mrflip 20241 1 Assuming it takes the wrong path thru that method, BTW, the thing to look at (as far as I know) is stuff like the MIME type of the request and the 'accepts' header. Just to check: what version of Rails? And you are using the [latest version of restful-authentication](http://github.com/technoweenie/restful-authentication/tree/master) -- last commit was "merging from nbibler"? <div><p>Assuming it takes the wrong path thru that method, BTW, the thing to look at (as far as I know) is stuff like the MIME type of the request and the 'accepts' header.</p> <p>Just to check: what version of Rails? And you are using the <a href="http://github.com/technoweenie/restful-authentication/tree/master">latest version of restful-authentication</a> -- last commit was "merging from nbibler"?</p></div> false 2008-08-18T10:46:57-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-08-18T10:46:57-05:00 20241 mrflip Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 mrflip 1 I'm having the exact same problem. This may help... http://github.com/technoweenie/restful-authentication/commit/698536b9edb795c0115be9f497f50613a284212d#comments I tried adding the following line to access_denied to no avail: def access_denied request.format ||= :html if request.env['HTTP_USER_AGENT'] =~ /msie/i ... end Let me know if you find/found a solution. <div><p>I'm having the exact same problem.</p> <p>This may help...</p> <p><a href="http://github.com/technoweenie/restful-authentication/commit/698536b9edb795c0115be9f497f50613a284212d#comments"> http://github.com/technoweenie/r...</a></p> <p>I tried adding the following line to access_denied to no avail:</p> <p>def access_denied</p> <pre> <code> request.format ||= :html if request.env['HTTP_USER_AGENT'] =~ /msie/i ... </code> </pre> <p>end</p> <p>Let me know if you find/found a solution.</p></div> false 2008-09-04T22:46:49-05:00 29039 --- :assigned_user: 20241 5 using-http-basic-authentication-with-ie-not-working-2 0 15332 open bug ie windows 2008-09-04T22:46:49-05:00 31101 Greg Sterndale Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 1 What is the value of request.format with IE, with Mozilla, etc? From the comments there IE sends the wrong thing, which is to say it sends something, and so the request.format ||= :html will never act. Can you instead try @@@ def access_denied request.format = :html if request.env['HTTP_USER_AGENT'] =~ /msie/i ... end @@@ There is also this, added earlier this year: http://dev.rubyonrails.org/ticket/11140 I have no idea if it's related but that section of code is where I'd start digging. <div><p>What is the value of request.format with IE, with Mozilla, etc? From the comments there IE sends the wrong thing, which is to say it sends something, and so the request.format ||= :html will never act. Can you instead try</p> <pre><code> def access_denied request.format = :html if request.env['HTTP_USER_AGENT'] =~ /msie/i ... end </code></pre> <p>There is also this, added earlier this year: <a href="http://dev.rubyonrails.org/ticket/11140">http://dev.rubyonrails.org/ticke...</a> I have no idea if it's related but that section of code is where I'd start digging.</p></div> false 2008-09-04T23:01:04-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working-3 0 15332 open bug ie windows 2008-09-04T23:01:04-05:00 20241 mrflip Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 1 Thanks mrflip. That's exactly where I ended up. Another helpful link: http://geminstallthat.wordpress.com/2008/05/14/ie6-accept-header-is-faulty/ <div><p>Thanks mrflip.</p> <p>That's exactly where I ended up.</p> <p>Another helpful link: <a href="http://geminstallthat.wordpress.com/2008/05/14/ie6-accept-header-is-faulty/"> http://geminstallthat.wordpress....</a></p></div> false 2008-09-04T23:28:00-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working-4 0 15332 open bug ie windows 2008-09-04T23:28:00-05:00 31101 Greg Sterndale Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 1 I'm having the exact same problem but in this case with firefox 1.5! I've got a small sample app running rails 2.1 and the latest release of RA.When i go to the controller that has the before_filter call,it gives me the authentication windows instead of the regular html form.It onyl happens in firefox,goes perfectly fine on safari.I noticed that started happening after I upgraded from rails 2.0 to 2.1,so this my help you guys somehow. <div><p>I'm having the exact same problem but in this case with firefox 1.5!</p> <p>I've got a small sample app running rails 2.1 and the latest release of RA.When i go to the controller that has the before_filter call,it gives me the authentication windows instead of the regular html form.It onyl happens in firefox,goes perfectly fine on safari.I noticed that started happening after I upgraded from rails 2.0 to 2.1,so this my help you guys somehow.</p></div> false 2008-09-08T19:26:31-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-09-08T19:26:37-05:00 16958 alexandre (at bubble.com) Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 1 @mrflip, I think you can actually blame this on a subtle behaviour of MimeResponds! As far as I can see, the problem is that if I use format.any in a responds_to block, it will always catch unless the other format options (like format.html) are _specifically_ preferred by the browser (i.e. included in the HTTP_ACCEPTS header) So using format.html/format.any is fine, as long as the browser includes text/html in the accepts header. IE6 doesn't (and also FF1.5 according to alexendre), but that's not because its broken. According to the [HTTP RFC](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html "HTTP RFC") there's no compulsion to list the specific formats you accept. I reckon the proper fix to this is in MimeResponds, but until then I suggest the best thing for restful_authentication would be to qualify the format.any by default. @@@ ruby def access_denied respond_to do |format| format.html do store_location redirect_to new_session_path end format.any(:js, :xml) do request_http_basic_authentication 'Web Password' end end end @@@ This works well for me in IE and FF without resorting to browser-specific tricks, and if HTTP Auth needs to be invoked by the developer for other situations, they can override as desired. <div><p>@mrflip, I think you can actually blame this on a subtle behaviour of MimeResponds!</p> <p>As far as I can see, the problem is that if I use format.any in a responds_to block, it will always catch unless the other format options (like format.html) are <em>specifically</em> preferred by the browser (i.e. included in the HTTP_ACCEPTS header)</p> <p>So using format.html/format.any is fine, as long as the browser includes text/html in the accepts header.</p> <p>IE6 doesn't (and also FF1.5 according to alexendre), but that's not because its broken. According to the <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html" title="HTTP RFC">HTTP RFC</a> there's no compulsion to list the specific formats you accept.</p> <p>I reckon the proper fix to this is in MimeResponds, but until then I suggest the best thing for restful_authentication would be to qualify the format.any by default.</p> <pre><code class="ruby"> def access_denied respond_to do |format| format.html do store_location redirect_to new_session_path end format.any(:js, :xml) do request_http_basic_authentication 'Web Password' end end end </code></pre> <p>This works well for me in IE and FF without resorting to browser-specific tricks, and if HTTP Auth needs to be invoked by the developer for other situations, they can override as desired.</p></div> false 2008-09-23T07:57:02-05:00 29039 --- :tag: bug ie windows 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-09-23T07:57:09-05:00 29854 Paul Gallagher Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 1 @mrflip, I think you can actually blame this on a subtle behaviour of MimeResponds! As far as I can see, the problem is that if I use format.any in a responds_to block, it will always catch unless the other format options (like format.html) are _specifically_ preferred by the browser (i.e. included in the HTTP_ACCEPTS header) So using format.html/format.any is fine, as long as the browser includes text/html in the accepts header. IE6 doesn't (and also FF1.5 according to alexendre), but that's not because its broken. According to the [HTTP RFC](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html "HTTP RFC") there's no compulsion to list the specific formats you accept. I reckon the proper fix to this is in MimeResponds, but until then I suggest the best thing for restful_authentication would be to qualify the format.any by default. @@@ ruby def access_denied respond_to do |format| format.html do store_location redirect_to new_session_path end format.any(:js, :xml) do request_http_basic_authentication 'Web Password' end end end @@@ This works well for me in IE and FF without resorting to browser-specific tricks, and if HTTP Auth needs to be invoked by the developer for other situations, they can override as desired. <div><p>@mrflip, I think you can actually blame this on a subtle behaviour of MimeResponds!</p> <p>As far as I can see, the problem is that if I use format.any in a responds_to block, it will always catch unless the other format options (like format.html) are <em>specifically</em> preferred by the browser (i.e. included in the HTTP_ACCEPTS header)</p> <p>So using format.html/format.any is fine, as long as the browser includes text/html in the accepts header.</p> <p>IE6 doesn't (and also FF1.5 according to alexendre), but that's not because its broken. According to the <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html" title="HTTP RFC">HTTP RFC</a> there's no compulsion to list the specific formats you accept.</p> <p>I reckon the proper fix to this is in MimeResponds, but until then I suggest the best thing for restful_authentication would be to qualify the format.any by default.</p> <pre><code class="ruby"> def access_denied respond_to do |format| format.html do store_location redirect_to new_session_path end format.any(:js, :xml) do request_http_basic_authentication 'Web Password' end end end </code></pre> <p>This works well for me in IE and FF without resorting to browser-specific tricks, and if HTTP Auth needs to be invoked by the developer for other situations, they can override as desired.</p></div> false 2008-09-23T07:57:05-05:00 29039 --- {} 5 using-http-basic-authentication-with-ie-not-working 0 15332 open bug ie windows 2008-09-23T07:57:10-05:00 29854 Paul Gallagher Brian Evans http://rails_security.lighthouseapp.com/projects/15332/tickets/5 7f39e553e412ab69144d375a330d168e92b210b5 image/png 2008-08-14T17:38:31-05:00 login.png 497 39340 171393 29039 646 http://rails_security.lighthouseapp.com/attachments/39340/login.png