Using Chrome Browser-
For Example,
http://example.com
Username is- abc\User123
Password is- password123
When I try to navigate to http://abc\User123:password123#example.com, it does not work as chrome tries to go to http://abc/User123:password123#example.com.
Related
Im currently connecting with a site which uses basic auth, and my url looks like http://username:password#mysite.com. It works, but everyone can see the password; Is there any method to hide it, by means of base64 or something similar?
This syntax is just a shortcut for the browser. Some browser will use this syntax to build the Authorization headers (some will not).
But. One thing is sure. You are giving the user+password to everyone. If your site use basic authentication, then you need to give the user and password information to your users, like in an email for example. Why would you add an authentication and then let everybody access the authenticated section?
HTTP Basic authentication is not very secure. But can be used to prevent indexation by bots, or with https. When you add this sort of (annoying) popup the users will have to enter the credentials, there is no other way. And the browser will record the credentials and add the same information (user+pass encoded in base64 -- which means is in clear text, no security--) for each page requested on your site until the browser is closed. So you do not need to add the credentials on the url, the browser will do it for you, after a first popup.
I cannot login to 2 of my WordPress sites (running on the same subdomain). After login I didn't get a message that my credentials are incorrect, but the page reloads and I'm back to the loginpage.
Password rest link doesn't work, he says 'invalid key'. Key = domain.com/wp-login.php?action=rp&key=k5ZhuvbXgAofh0Yql8VK&login=username
Password reset via database doesn't work too. Changed the password to the value given by http://www.passwordtool.hu/wordpress-password-hash-generator-v3-v4 (testtest), but I'm not able to login with the new username/password (still the same result: no error message)
I didn't changed anything to those website the last 2/3 weeks. Maybe an automatically update has changed something. Site urls are correct.
One site is running WP Limit Login Attempts (https://nl.wordpress.org/plugins/wp-limit-login-attempts/) which allows me to try 4 times before I been blocked for 30 minutes.
Deleted all cookies but no result. Has anybody an solution?
Solution found. It was/is a problem with my Internet Service Provider, which filters the internet (paid service, special for kids).
The filter is now off, and I can login to my sites.
I'm using meteor login and receiving Login Failed.
When I sign in to meteor.com using my user/name and password, it works OK.
Does meteor login use a different credential store or is it the same as the website?
Hopefully this helps others.
I was using my email and password to sign in to the website and so I thought that would work via meteor login
Apparently I also have a username (seperate to the email address)
I was able to successfully sign in via command line using UserName & Password.
I think it is odd that you can sign into website with Email & Password, but via commandline it is UserName & Password.
I have the same problem.
To find your username, just login to meteor.com and go to 'My Account'.
You will see 'Basic info for username' as the heading.
After numerous attempts entering and continually getting "login failed", I decided to change my password to include only lower case characters. My next attempt at deployment succeeded because it understood my password entry.
We have a long vendor list, each vendor website has it's own user name and password, we wanted to make a list of URLs, so one employee can click on one of the URL, s/he can directly log in to the vendor website without has to type the log-in details.
I tried to copy the location with the parameter passed (including username & password) from firebug, but that didn't work, which it redirect me to the log-in page, is there any better way to do this?
i'm developing an Asp.Net application who try to connect to an active directory to login. I know i'm not using the "best practice" to do this, so i attach my source code inside the "Default.vb":
Dim User As System.Security.Principal.IPrincipal
Dim username As String
User = System.Web.HttpContext.Current.User
username =User.Identity.Name
If User.Identity.IsAuthenticated Then
'ok do something
else
'do someothers
end if
When i use Chrome and Internet Explorer is all ok: automatically the user is signed as "logged". But if i open Firefox it ask username and password with his "internal" inputbox ... i don't know how to explain... firefox ask for a user and a password: if i enter my active directory username and password (for example, i enter user: MYCOMPANYDOMAIN\stighy) , then i enter...
So .. i'm doing something wrong ?
By default firefox will not automatically send NTLM credentials.
However it is possible to override this via the browser settings.
In most cases it is not practical to change peoples settings.
However if you are developing a intranet based application, it may be feasible for you to change on client machines that you need to. And I have heard that you can change the settings en masse using a group policy.
Here is something to get you started http://support.mozilla.com/en-US/kb/Firefox%20asks%20for%20user%20name%20and%20password%20on%20internal%20sites
It appears that the page isn't maintained, so I can't vouch for it.
However I have changed these settings before myself (thought sorry I can't find the exact tutorial I used).
It's because of the implementation of NTLM in Firefox.
When you connect to a site using integrated auth, the server first responds with a 401 and a authenticate header identifying what auth methods it supports. Your browser can react to this in a number of ways. With integrated auth, there are actually 2 methods that do the same thing in slightly different ways.
IE uses Kerberos, because, well it's Microsoft. This is method uses only 1 round trip. Your browser responds to the challenge it got above with a token. This token is all the server needs to figure you out and let you in.
In Firefox they use the older, but better documented NTLM. Firefox asks the server for a challenge which the server responds to. Firefox then needs your username & password to asnswer this callenge and the only way to get this is to ask the user.
It then responds to the challenge using an encrypted value based on your username & password. If this matches the challenge the server was expecting, you get authenticated.
I guess Chrome uses a method similar to IE so doesn't need to prompt you. Bottom line is you're not doing anything wrong & it's just the way it works. I would suggest reading up on Challenge/Response passwords if you want to find out more.
Simon