This problem has been challenging me for several days now.
I have a web site that uses the usual, mundane Basic Authentication.
But, now I have a request (actually, a demand) that users from a
particular, trusted subnet of my company, want to be able to have
access to the web site WITHOUT the username/password popup window
coming up. (They don't even want to type it in once and check "Keep
this Password"!) This is not a homegrown website, so I have little
or no control about the authentication process from that end.
However, I do have a plan:
I want to point those users (in that subnet) to a "phony" page. That
page would have PHP coding that would check their incoming IP address,
and, if they fall within the proper range, would GIVE them the realm,
username and password (and even the base64 encoded Authentication
string!) that they should use to request the actual page. What I
can't seem to figure out is how to set those credentials using a
client-side script like JavaScript within the browser and then force
an HTTP request of the "real" page, this time using the given
authentication and avoiding the popup login window.
Does anyone know how to do this? Or, even, is what I am trying to do
possible? Any comment and suggestions would be greatly appreciated.
Thanks,
Tom
to**@cohesion.com