Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Brower Environment Variables

Posted on 1999-01-20
12
Medium Priority
?
178 Views
Last Modified: 2013-12-25
Is there any way to programmatically (CGI,javascript,java,etc.) set the user name and password browser variables for the current realm?
I need it to work for IE 4.0 and Netscape 4.05.  
I am running Apache 1.3.3. I can rebuild it and add in any modules if needed.  
I trying to have a cgi program set the name and password so the user does not have type it in multiple times.

Thanks,
Dennis
0
Comment
Question by:baasdr
12 Comments
 

Author Comment

by:baasdr
ID: 1832353
Edited text of question
0
 

Author Comment

by:baasdr
ID: 1832354
Edited text of question
0
 
LVL 7

Expert Comment

by:jconde
ID: 1832355
baasdr, I don't really understand your question,  could you please refrase "Is there any way to programmatically (CGI,javascript,java,etc.) set the user name and password
browser variables for the current realm? "
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
LVL 1

Expert Comment

by:ptruman
ID: 1832356
If you are on NT you can get the Domain & username
but IIRC thats .asp dependent...

0
 

Author Comment

by:baasdr
ID: 1832357
Sure I'll try,

I want to be able to load the browsers' name and password environment variables for my domain.  The same way that they are loaded into the browser when a user types them in at the popup Login prompt of the browser.  When a user request a file that requires basic authentication, the browser first check for a name and password for that realm.  If the browser has it, it sends it back to the webserver.  If it does not have it it pops up a dialog and asks the user for one.  The browser also save it off for the next time.  If the webserver accepts that answer it will return the requseted page.  Otherwise it sends a reject and the process starts over.  
Before I send a user into a directory that needs authenication I would like send the browser a name and password to put in the environment space.  That way the user never types it in, sees it, even know it happened.  He just has access.
Now how I determine to do that in the first place is another issue, but I've worked that.

Hope that clears it up some.
Dennis
0
 

Author Comment

by:baasdr
ID: 1832358
The Apache 1.3.3 server is running under Solaris 2.5.1.
I can get info about the user already.  I'm trying to put a name and password into browsers' memory.  I don't think it can be done from client side (Java or Java script), but I've been wrong before.

It is not unreasonable to mod Apache to do it.  I'm just not sure it could be done from there and I'd rather not go that route, yet.

Thanks,
Dennis
0
 
LVL 7

Expert Comment

by:jconde
ID: 1832359
Ok, I get it!...thanx!

I don't think you're going to be able to get the password, but the user name is contained in an enviroment variable called AUTH_USER.

I'm going to re-check about the password and I'll get back to you.

Regards,

Jorge
0
 

Author Comment

by:baasdr
ID: 1832360
I don't want to get AUTH_USER/REMOTE_USER and AUTH_PASS(available from some servers).  That's not tough.
I want to set them back at the browser.  So the next CGI call they are what I set, not what the user typed.

Dennis
0
 

Author Comment

by:baasdr
ID: 1832361
Adjusted points to 140
0
 

Expert Comment

by:robert_mann
ID: 1832362
Just a quick comment but why would you need something like this?  Maybe there is another solution for the problem at hand.
0
 
LVL 11

Accepted Solution

by:
mouatts earned 140 total points
ID: 1832363
You can't do what you want because there is no mechanism for the browser to receieve the values even if you mod the server to send it.

What you want can be done but is done with certificates normally. Ie when an attempt is made to access your secure area the server issues a certficate request to the browser which if it has one returns it thus allowing you to allow access to the area.

Another alternative is to use digest security. This allows you to specify lists of IP addresses that are allowed or barred from accessing the directory. The main problem with this is that on the Internet IP masquarading will allow illegal access and if proxies are involved then you can't differentiate between different users coming through the same proxy.

One approach that will allow you to do this after a fashion is to direct someone to a secure are and once they have entered a username and password they are returned a cookie with some form of id and they are then redirected to the genuine secure area. This area which will have to consist of dynamic pages only then ensuers that the cookie is present on every request. On subsequent accesses because the cookie will still be present you can direct them to the pseudo secure area without going to the password protected one first.

HTH
    Steve
0
 

Author Comment

by:baasdr
ID: 1832364
I have been lead to believe that there is a mechanism in the browsers to set Login and Password.  I've been all throught the cookie and IP route.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is a general practice to get rid of old user profiles on a computer  in a LAN environment. As I have been working with a company in a LAN environment where users move from one place to some other place at times. This will make many user profil…
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question