Stephen Waterbury wrote: ...
Critiques or razberries welcomed, as long as they're constructive razberries! :)
This is extremely illuminating. The key approach/idea that I was missing is this: You can create a root web.resource.Resource() and add a child "" that handles all URLs not otherwise matched by a known child. This "" child handles the common web-browser case, basically anything not going to your "special" directories. This child is the protected Nevow portal that we all know and love; on attempting to walk into it all the Nevow machinery should trigger. Now you register your Basic-Auth-protected XMLRPC/SOAP portals as parallel children of the Nevow portal, "RPC" and "SOAP". These are again, portals, so they do their own credential checking, thus don't *necessarily* have to use the same cred mechanism, but can if they want to. This doesn't actually do what I was *trying* to do, which was to make it possible to log into the main site using Basic auth *or* the Nevow web forms, but it handles what we actually need to do perfectly, so I can just stop trying to do what I was trying to do :) . I'm about to sit down to implement this approach for our system. Much obliged, Mike ________________________________________________ Mike C. Fletcher Designer, VR Plumber, Coder http://www.vrplumber.com http://blog.vrplumber.com PyCon is coming...