Set auththentication header via script?

Hi,
I have the same problem.

Have you found an example or anything else?

thanks.

Giuliano
"Martin" <ma**********@comcast.net> wrote in message
news:bu********************************@4ax.com...

I have a situation where I'm currently using Basic authentication (the
server issues a 401, the client pops up its window, etc., etc.).

Instead of having the server send out a 401, I would like to send out
my own page that would create the proper header field for all
subsequent requests from that client. Can such be done with JS? Can
someone point me to an example?

I do not need encoding. This is on an intranet and the authentication
is being used mainly to return different information to different
users as opposed to trying to keep out the "bad guys".

Thanks.

What I have found is that, apparently, it can't be done.

I exchanged some e-mails with someone, talked with a couple of people
and have Googled extensively. It appears that trying to set the
contents of the headers simply is not possible with javascript.

I wish there was a way - this method of authentication is exactly what
I want to do. I've reviewed several other ways of doing it and they
are all relatively difficult to implement. In fact, I will probably be
posting some questions somewhere now asking about ways to do this.

In my case, all I want to do is provide a custom interface for the
user to key in his userid and password. :(

Martin

On Tue, 19 Oct 2004 11:55:34 +0200, "Giuliano" <pa*****@palosco.eu>
wrote:

Hi,
I have the same problem.

Have you found an example or anything else?

thanks.

Giuliano
"Martin" <ma**********@comcast.net> wrote in message
news:bu********************************@4ax.com.. .

I have a situation where I'm currently using Basic authentication (the
server issues a 401, the client pops up its window, etc., etc.).

Instead of having the server send out a 401, I would like to send out
my own page that would create the proper header field for all
subsequent requests from that client. Can such be done with JS? Can
someone point me to an example?

I do not need encoding. This is on an intranet and the authentication
is being used mainly to return different information to different
users as opposed to trying to keep out the "bad guys".

Thanks.

Martin wrote:

In my case, all I want to do is provide a custom interface for the
user to key in his userid and password. :(

Perhaps you could have said that before...

<FORM action=""
onsubmit="location.href='http://' +
this.n.value + ':' + this.pw.value +
'@www.yourdomain.com/protectedfolder/';
return false;">
<LABEL>Name: <INPUT type="text" name="n"></LABEL><BR>
<LABEL>Password: <INPUT type="password" name="pw"></LABEL><BR>
<INPUT type="submit" value="Submit">
</FORM>

Obviously this won't work in browsers where Javascript is unavailable.
What's wrong with the standard interface?

Phil

--
Philip Ronan
ph***********@virgin.net
(Please remove the "z"s if replying by email)

I don't see where your code does anything to authenticate the user
(ie: create the "authorization" header that gets sent to the server).

As I said in my original post, when the server receives an
un-authenticated "post" or "get", it issues a code 401 response. This
causes the browser to pop up its built-in prompt for userid and
password. When that is returned to the server, the server can accept
or reject. If it accepts, then through some mechanism that I don't
fully understand, all further exchanges with that client will contain
a valid "authorization" header. I have my server-side scripting set up
to check this header on every "post" and every "get" to control what
that particular user sees.

I was hoping that I could serve my own page (instead of sending a code
401) that would accomplish the same thing - apparently I can't. Any
other approach I take (including what you suggested) means that I have
to keep track of the user's session manually in some manner so that he
doesn't have to log in for every different page he wants to look at.

As to what's "wrong" with the standard pop up prompt: nothing really -
I just wanted to have a unique page that visually matched the rest of
the pages. Also, I have some thoughts of using a "PIN" number to
control access instead of the traditional userid and password.
On Tue, 19 Oct 2004 14:45:32 +0100, Philip Ronan
<ph***********@virgin.net> wrote:

Martin wrote:

In my case, all I want to do is provide a custom interface for the
user to key in his userid and password. :(

Perhaps you could have said that before...

<FORM action=""
onsubmit="location.href='http://' +
this.n.value + ':' + this.pw.value +
'@www.yourdomain.com/protectedfolder/';
return false;">
<LABEL>Name: <INPUT type="text" name="n"></LABEL><BR>
<LABEL>Password: <INPUT type="password" name="pw"></LABEL><BR>
<INPUT type="submit" value="Submit">
</FORM>

Obviously this won't work in browsers where Javascript is unavailable.
What's wrong with the standard interface?

Phil

Martin wrote:

I don't see where your code does anything to authenticate the user
(ie: create the "authorization" header that gets sent to the server).

Sorry. for a moment there I thought I understood what you were going on
about.

A URL of the form http://username:pa******@domain.com/protectedfolder/ will
bypass the usual authentication procedure. I thought that was what you were
after.

Apparently not. :-(

--
Philip Ronan
ph***********@virgin.net
(Please remove the "z"s if replying by email)

Philip Ronan wrote:

A URL of the form http://username:pa******@domain.com/protectedfolder/
will bypass the usual authentication procedure. [...]

Only in borken UAs. HTTP does not allow such URLs.
PointedEars
--
I find your lack of faith disturbing! ::starts choking::