European Experts Exchange (EEE.org) :: Free Experts PHP MySql Oracle Microsoft Web SQL Delphi


Languages :: DHTML, JScript :: responding to .NET www-authentication request using AJAX, how?
By: mikkelbreum	Date: 27/04/2009 15:34:28	Points: 20	Status: Answered Quality : Excellent
Is it possible to pass credentials using AJAX to a webserver that request www-authentication? I want to log in to a website that uses .NET Bsic www-authentication, and pass the credentials using ajax. When visiting the server with a browser, the browser prompts the user with an authentication/login window. The html header contains this: WWW-Authenticate: Basic realm="hosting.xp" MicrosoftSharePointTeamServices: 6.0.2.6568 X-Powered-By: ASP.NET I want to access the site 'behind the scenes' by calling it from an ajax object, but I'm not sure how to handle the http header that requests the authentication. I would like the ajax call to result in a specific user being logged in (the cookie set) so that the user can procedd to the site later and be 'already' logged in. can this be done in the way I describe here?
By: VGR	Date: 27/04/2009 19:53:16		Type : Answer
Hello, I may be wrong but IMHO all you need is to send an HTTP header "Authorization", with value "Basic %s" where Basic is the "realm" (in your case hosting.xp") and %s is the base64 encoded string "username:password" HTH

By: mikkelbreum	Date: 06/05/2009 09:51:27		Type : Comment
thank you for the infomation it got me somewhat further but still not far anough .. So, Authenticating with the server basically consist of sending a couple of http header fields along with the request, like this: Host: hostname.net Authorization: Basic QWxhZGRpb4738783IHNlc2FtZQKh <-- username:passwd in base64 (see more: http://en.wikipedia.org/wiki/Basic_access_authentication#Example Using the XMLHttpRequest object (ajax) it is possible to set request headers, and I have succeded in calling the server using ajax like that, and I get the page back as if logged in, without the browser prompting for passwd. The problem is, that I get the html content of the homepage returned to my ajax object. I can inject it into the DOM, but that's not what I want, and the cookies and session will not be set/registered. I can read the set-cookie header i get back to my ajax object, but I cant set the cookie from javascript because it will not be coming from the correct host then (its set as localfilecookie).. My attemtp look like this (using jQuery framework): $.ajax({ url: "http://host.net (this link goes outside odesk.com)", cache: false, beforeSend: function(xhr){ xhr.setRequestHeader("Host", "host.net"); xhr.setRequestHeader("Authorization", "Basic dvM5tTc5NDY3OkmhfWRvbGlk"); }, success: function(html){ // html holds the returned html content data from the host $("#results").html(html); // inject returned html into DOM element [ a div with id="results"] }, complete: function(xhr){ // xhr object contains the responseheaders (and a lot of other stuff) alert(xhr.getAllResponseHeaders); // just for debugging cookies = xhr.getResponseHeader('set-cookie'); document.cookie = cookies; //this results in the cookie being set, but it not being set by host.net, as a locally set cookie, therefore it doesn't work } }); What I need is a way to make the browser (not the ajax object) request the page (using GET) and at the same time specify the headers (without going through the browser authentication prompt) and it must work for all modern browsers/platforms. If it can be done via javascript alone (no ajax) it should be a way, I could generate a page with php that contained onLoad event handler to trigger a document.location request, but I would need to specify the headers first of course.. Many developers I've spoken to tell me it can't be done using javascript, but I'm unsure if thats correct after I found these articles: http://forums.asp.net/p/1190680/2054535.aspx#2054535 https://developer.mozilla.org/en/Setting_HTTP_request_headers I'm not able to make use of the code example myself because it's too complicated for my programming knowledge and the time I have to learn it... If it really can't be done with javascript, I was thinking that a little invisible flash object perhaps could do it (or a java app). Flash can send http headers it seems (using actionscript 3) but I do not know if the problem would be the same as with the ajax element, that the flashobject would only be able to get the html response internally, I need it returned to the browser of course (or at least I need the response to result in the cookie being set and the session initiated.) Don't know if this helps? If someone want to take on the job, rather than just giving me advice here, it can be found on http://www.elance.com/job?jobid=16920313 / Mikkel

By: VGR	Date: 07/05/2009 21:00:36		Type : Comment
why would the returned cookie not being set by host.net, as you query host.net. Using Ajax (httpxmlrequest) is nothing different from using javascript alone. It should work. I looked at the first link and it is promissing, even if the OO syntax obscures things (as always). The problem I see is that it makes use of CLSID COM stuff, so this would work only on Windaube and probably only in Internet Exploder. Halas, I can't test it given I've no time left. Sorry. I hope someone else will help you one step further to the goal ;-)

By: OpConsole	Date: 03/04/2011 19:13:21		Type : Comment
force close

Do register to be able to answer

©2010 These pages are served without commercial sponsorship. (No popup ads, etc...). Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE.
Please DO link to this page! Post to Plurk Post to Yahoo Buzz Post to Delicious Post to Digg Post to MySpace Post to Ping.fm Post to Reddit Post to StumbleUpon

Contact

page generated in 99.526880 milliseconds

Why Google AdSense ads ?

New Improved Search!