Authenticating to a Web Site WITHOUT the user/password popup

This problem has been challenging me for several days now.

I have a web site that uses the usual, mundane Basic Authentication.
But, now I have a request (actually, a demand) that users from a
particular, trusted subnet of my company, want to be able to have
access to the web site WITHOUT the username/password popup window
coming up. (They don't even want to type it in once and check "Keep
this Password"!) This is not a homegrown website, so I have little
or no control about the authentication process from that end.

However, I do have a plan:

I want to point those users (in that subnet) to a "phony" page. That
page would have PHP coding that would check their incoming IP address,
and, if they fall within the proper range, would GIVE them the realm,
username and password (and even the base64 encoded Authentication
string!) that they should use to request the actual page. What I
can't seem to figure out is how to set those credentials using a
client-side script like JavaScript within the browser and then force
an HTTP request of the "real" page, this time using the given
authentication and avoiding the popup login window.

Does anyone know how to do this? Or, even, is what I am trying to do
possible? Any comment and suggestions would be greatly appreciated.

Thanks,
Tom
to**@cohesion.com
Jul 23 '05 #1
Nobody spilled the following:
> This problem has been challenging me for several days now.
>
> I have a web site that uses the usual, mundane Basic Authentication.
> But, now I have a request (actually, a demand) that users from a
> particular, trusted subnet of my company, want to be able to have
> access to the web site WITHOUT the username/password popup window
> coming up. (They don't even want to type it in once and check "Keep
> this Password"!) This is not a homegrown website, so I have little
> or no control about the authentication process from that end.
>
> However, I do have a plan:


I can't say whether your plan would work, but given its objectives, it could
only be achievable by undermining the security model built into javascript
and http. Even if it did work, the solution is likely to be limited by the
version of browser.

The problem also seems to involve a third party whose security model you are
trying to subvert - presumably without their knowledge/co-operation.

It is possible to solve the problem in a technically 'correct' manner, but
not using javascript. But that still doesn't resolve the ethical issues.

I would suggest that you begin by looking to re-implement the authentication
system with the cooperation of the website owners/developers, and only if
you've exhausted that avenue, go click on the 'Keep this password'
yourself.

C.
Jul 23 '05 #2
On Thu, 18 Nov 2004 22:38:02 GMT, Colin McKinnon
<co**********************@ntlworld.deletemeunlessU RaBot.com> wrote:
> Nobody spilled the following:
> > This problem has been challenging me for several days now.
> >
> > I have a web site that uses the usual, mundane Basic Authentication.
> > But, now I have a request (actually, a demand) that users from a
> > particular, trusted subnet of my company, want to be able to have
> > access to the web site WITHOUT the username/password popup window
> > coming up. (They don't even want to type it in once and check "Keep
> > this Password"!) This is not a homegrown website, so I have little
> > or no control about the authentication process from that end.
> >
> > However, I do have a plan:
>
> I can't say whether your plan would work, but given its objectives, it could
> only be achievable by undermining the security model built into javascript
> and http. Even if it did work, the solution is likely to be limited by the
> version of browser.
>
> The problem also seems to involve a third party whose security model you are
> trying to subvert - presumably without their knowledge/co-operation.
>
> It is possible to solve the problem in a technically 'correct' manner, but
> not using javascript. But that still doesn't resolve the ethical issues.
>
> I would suggest that you begin by looking to re-implement the authentication
> system with the cooperation of the website owners/developers, and only if
> you've exhausted that avenue, go click on the 'Keep this password'
> yourself.
>
> C.

Just to clarify, we OWN the website, and have full control over the
usernames, passwords, etc., it's just that it is a purchased software
package that necessitates authentication via the Basic model. I speak
with the software company fairly regularly and they couldn't care less
about who we let access it and how, especially since we (once again)
own this copy of the software. So, that should allay any fears over
the ethics of what I am trying to do.

What I would like to see is if anyone has a reasonable solution to
this problem that they might want to share, or at least direct me to
where I might begin to solve it on my own. If JavaScript is not the
answer, might anything else be?

Thanks, in advance, again,
Tom
Jul 23 '05 #3
Colin McKinnon <co**********************@ntlworld.deletemeunlessU RaBot.com> wrote in message news:<ev**************@newsfe5-win.ntli.net>...
> I have a web site that uses the usual, mundane Basic Authentication.
> But, now I have a request (actually, a demand) that users from a
> particular, trusted subnet of my company, want to be able to have
> access to the web site WITHOUT the username/password popup window
> coming up. (They don't even want to type it in once and check "Keep
> this Password"!) This is not a homegrown website, so I have little
> or no control about the authentication process from that end.


Here is what I would try:

1) trace the TCP/IP data traffic on a client to see what is being sent
to the server as the logon.

2) Make a bookmark of this data

3) Try the bookmark and see if it works

4) If the bookmark works, create a web page that automatically submits
the logon

Another idea would be to try a commercial product like:

Password Officer
- fully handles logon to web-pages
- fills in the URL, forms, clicks to buttons
- detects and fills in any program window
etc.

http://www.compelson.com/pofi.htm

Robert
Jul 23 '05 #4
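
The requirement in this thread can also be met without any credential reaching the browser. The following is an added example, not code from any poster: it assumes a reverse proxy that the site owner runs in front of the packaged application, and it shows the proxy's decision logic for adding the Basic `Authorization` header on behalf of the trusted subnet. The subnet, service account and function names are hypothetical.

```python
import base64
import ipaddress

# Constructed values for illustration; none of them come from the thread.
TRUSTED_SUBNET = ipaddress.ip_network("10.20.30.0/24")
SERVICE_USER = "subnet-service"
SERVICE_PASSWORD = "example-only-password"  # load from a secret store in practice


def basic_auth_value(user: str, password: str) -> str:
    """Build a Basic Authorization header value (RFC 7617)."""
    if ":" in user:
        raise ValueError("user-id must not contain ':'")
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def is_trusted_peer(peer_ip: str) -> bool:
    """True if the TCP peer address lies in the trusted subnet."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr in TRUSTED_SUBNET


def upstream_headers(peer_ip: str, client_headers: dict) -> dict:
    """Headers the proxy forwards to the Basic-auth application.

    peer_ip must be the socket peer address, never a client-supplied
    header such as X-Forwarded-For, which any client can set.
    """
    if not is_trusted_peer(peer_ip):
        # Outside the subnet: pass through untouched, so the application
        # answers 401 and the browser shows its usual prompt.
        return dict(client_headers)
    # Inside the subnet: discard whatever the client sent and use the
    # service account, which is only ever held on the proxy.
    headers = {k: v for k, v in client_headers.items()
               if k.lower() != "authorization"}
    headers["Authorization"] = basic_auth_value(SERVICE_USER, SERVICE_PASSWORD)
    return headers
```

Because the header is added on the server side, the password is never delivered to a page, script or bookmark on the client, and changing it means editing one place.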
