• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 182
  • Last Modified:

Brower Environment Variables

Is there any way to programmatically (CGI,javascript,java,etc.) set the user name and password browser variables for the current realm?
I need it to work for IE 4.0 and Netscape 4.05.  
I am running Apache 1.3.3. I can rebuild it and add in any modules if needed.  
I trying to have a cgi program set the name and password so the user does not have type it in multiple times.

Thanks,
Dennis
0
baasdr
Asked:
baasdr
1 Solution
 
baasdrAuthor Commented:
Edited text of question
0
 
baasdrAuthor Commented:
Edited text of question
0
 
jcondeCommented:
baasdr, I don't really understand your question,  could you please refrase "Is there any way to programmatically (CGI,javascript,java,etc.) set the user name and password
browser variables for the current realm? "
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
ptrumanCommented:
If you are on NT you can get the Domain & username
but IIRC thats .asp dependent...

0
 
baasdrAuthor Commented:
Sure I'll try,

I want to be able to load the browsers' name and password environment variables for my domain.  The same way that they are loaded into the browser when a user types them in at the popup Login prompt of the browser.  When a user request a file that requires basic authentication, the browser first check for a name and password for that realm.  If the browser has it, it sends it back to the webserver.  If it does not have it it pops up a dialog and asks the user for one.  The browser also save it off for the next time.  If the webserver accepts that answer it will return the requseted page.  Otherwise it sends a reject and the process starts over.  
Before I send a user into a directory that needs authenication I would like send the browser a name and password to put in the environment space.  That way the user never types it in, sees it, even know it happened.  He just has access.
Now how I determine to do that in the first place is another issue, but I've worked that.

Hope that clears it up some.
Dennis
0
 
baasdrAuthor Commented:
The Apache 1.3.3 server is running under Solaris 2.5.1.
I can get info about the user already.  I'm trying to put a name and password into browsers' memory.  I don't think it can be done from client side (Java or Java script), but I've been wrong before.

It is not unreasonable to mod Apache to do it.  I'm just not sure it could be done from there and I'd rather not go that route, yet.

Thanks,
Dennis
0
 
jcondeCommented:
Ok, I get it!...thanx!

I don't think you're going to be able to get the password, but the user name is contained in an enviroment variable called AUTH_USER.

I'm going to re-check about the password and I'll get back to you.

Regards,

Jorge
0
 
baasdrAuthor Commented:
I don't want to get AUTH_USER/REMOTE_USER and AUTH_PASS(available from some servers).  That's not tough.
I want to set them back at the browser.  So the next CGI call they are what I set, not what the user typed.

Dennis
0
 
baasdrAuthor Commented:
Adjusted points to 140
0
 
robert_mannCommented:
Just a quick comment but why would you need something like this?  Maybe there is another solution for the problem at hand.
0
 
mouattsCommented:
You can't do what you want because there is no mechanism for the browser to receieve the values even if you mod the server to send it.

What you want can be done but is done with certificates normally. Ie when an attempt is made to access your secure area the server issues a certficate request to the browser which if it has one returns it thus allowing you to allow access to the area.

Another alternative is to use digest security. This allows you to specify lists of IP addresses that are allowed or barred from accessing the directory. The main problem with this is that on the Internet IP masquarading will allow illegal access and if proxies are involved then you can't differentiate between different users coming through the same proxy.

One approach that will allow you to do this after a fashion is to direct someone to a secure are and once they have entered a username and password they are returned a cookie with some form of id and they are then redirected to the genuine secure area. This area which will have to consist of dynamic pages only then ensuers that the cookie is present on every request. On subsequent accesses because the cookie will still be present you can direct them to the pseudo secure area without going to the password protected one first.

HTH
    Steve
0
 
baasdrAuthor Commented:
I have been lead to believe that there is a mechanism in the browsers to set Login and Password.  I've been all throught the cookie and IP route.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now