What i'm trying to do is:
Receive username and password via form and authenticate them with IIS using basic authentication.
The thing is, I want to do this without the built in browser popup.
Is there a way to override the popup and authenticate through code?
My website is in ASP.NET and i'm using IIS7.
Thanks to all helpers!
You can put the credentials in the URL. See for instance https://serverfault.com/questions/371907/can-you-pass-user-pass-for-http-basic-authentication-in-url-parameters. Note the remark in that question that it doesn't work in IE.
Basic authentication uses a base64 encoded string containing [username:password] in the http authentication header.
You can simply add this to your request using jQuery's header function before performing the request. But wrong credentials would still cause a pop up.
Related
Is it possible that form authentication can work in asp.net without cookies? I have learnt some where that without cookies authentication work normally but with help of token in query string but when I am disabling cookies my form authentication is failing with message in browser similar as shown in
Figure
Do I need to make some configuration changes to make it work with help of query string token?
I'm doing an application for android, iOS and Windows Phone using Xamarin.forms.
I need to implement login with most common social for all platforms and I have found on web Restsharp.Portable.
I'm having trouble to understand how to use the library (it was correctly imported) for OAuth2 request.
Does anyone have any example or guide that could be helpful?
I struggled with restsharp.portable due to the lack of documentation.
Instead I used the redirect URL as a way of getting the code generated after the user gives permission needed to request the access token.
I gave the browser the correct adddress for the login/permission screen and for the Redirect I set to a made up address (http://madeupaddress.com) and on the Navigating event of the browser checked if the url started with my made up address, if so, I cancel navigation, closed the browser and take the token from the URI.Query parameters found in the navigating event parameters (or named differently depending on control/platform). I thenapply for the access token using the code via Microsoft HTTP Client.
This was for Windows Phone 8.1.
Thanks go to Vittorio Bertocci
I ended up using Microsoft Httpclient for the access token.
We're trying to test an API that requires HTTP Basic Access Authentication credentials (http://en.wikipedia.org/wiki/Basic_access_authentication) in the request.
Ideally, we could just test the API using a web browser by putting all API parameters in the URL querystring, but we haven't yet found a way to encode the HTTP Basic Access Authentication credentials (username and password) in the querystring.
Does anyone know a way to do this?
Thus far, we've tried:
https://username:password#mydomain.com/
...without success.
username:password#url authentication has been disabled in many browsers for security reasons.
For example in IE:
Internet Explorer does not support user names and passwords in Web site addresses (HTTP or HTTPS URLs)
As far as I know, there is no way to circumvent this if this is blocked. It's possible that this can be turned of in Firefox using a setting in about:config. Or use some other browser that doesn't block it - I don't know which ones do and which don't.
Alternatively, consider building a quick web form that submits the option to a server-side language (e.g. PHP) that makes the request, or use a command line client like wget to send the requests. The latter might even be easiest
If I have a Selenium test which is currently logged in (with HTTP Authentication) to a particular website, how can I cause the remote browser to forget the current authentication so that I can log in as a different user (while remaining within the same test)?
Is this basic authentication? If it is, you can modify the basic auth header in your request to log in as a new user. You'll have to use Selenium server as a proxy in order to modify the request headers, however.
It depends how you are handling authentication.
If you are doing it via a cookie that gets checked server side you could do deleteCookie or if you want to delete all of them on the page you could do deleteAllVisibleCookies
If you are keeping it within a JavaScript you could just use getEval and delete whats in the variables.
How can I protect an ASP Classic page with either HTTP AUTH (you must provide a username and password to service) or a randomly generated access key that will be included as one of the parameters of the HTTP POST using the variable name access_key.
Can anybody provide asp classic code in this regard?
Quick help will be appreciated...
PS: OrderGroove is a 3rd party service... neglect it.
Basic HTTP Authentication is something you can turn on by configuring your web server (probably IIS). There isn't any ASP classic code that can do it, as far as I know.
Another option is to store login information in a Session variable (i.e. Session("LoggedInUser")). On every page, just check to see if that variable is set, and if it's not, redirect them to a login page.
Note that both these methods will send username/password unencrypted, so you would probably want to get an SSL certificate for security reasons.
See also:
HTTP Authentication (Basic or Digest) in ASP Classic via IIS
https://web.archive.org/web/20211020140227/https://www.4guysfromrolla.com/webtech/020201-1.shtml
You can manipulate IIS metadata using the IIS:// protocol scheme with GetObject. Check out your adsutil.vbs file, usually in C:\Inetpub\AdminScripts
Furthermore you can implement Basic Auth with plain/text by getting/setting HTTP Headers along with a Base64 encoder/decoder. Although this is highly insecure.