I've been looking over the link sent by
Fletch and it really doesn't look like that's the case. The Authz seems to depend on a successful pass of the Authen pahse, which in turn requires the directory to be protected with either Basic or Digest authentication as configured in httpd.conf My application uses neither Basic nor Digest authentication but rather a third-party authentication module that communicates the user ID in a custom manner. The issue is not showing a login page but rather that I have to reject the request if the user ID (as determined through my custom method) should not have access to the resource.