I shared this in Dallas, with my Webservices presentation, but hadn’t gotten around to making a blog post. Today we had someone that was running into this problem.

What exactly is the issue? When you do a REST request and include a User and Password in the standard parameters that is turned into a Basic Authorization header. One of the ways to secure and authorize your RESTful service is to examine this header and validate it against a user/password table in your database.

You retrieve this header using the WebserviceReadHTTPHeader fuction as follows:

TheValue is string = WebserviceReadHTTPHeader("Authorization")

The issue is that by default Apache strips off the Basic Authorization header and never passes it on to your webservice, and TheValue ends up being blank.

This is an easy fix in Apache, in your virtualhost entry for the site, you need to add the following lines:

RewriteEngine On
RewriteCond %{HTTP:Authorization} .+
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

If you are not using any Rewrite rules anywhere else in your configuration, you might to to enable the line in your httpd.conf file that includes the module

LoadModule rewrite_module modules/mod_rewrite.so

Once you add the lines don’t forget to restart the apache service so it reads the new configuration.

• WEBDEV