Solved

Http Authentication parameters in URL not working

Posted on 2004-04-16
14
2,649 Views
Last Modified: 2008-01-16
Recently my shortcuts that include my http authentication usernames and passwords in the URL ceased working, resulting in an "Invalid Syntax Error" and "The page cannot be displayed" message in Internet Explorer.

The format I am using is http://username:password@mydomain.com

Please note:  These DID work before, and do work from other computers, which leads me to believe that it has something to do with my browser here.  Any suggestions are gratefully appreciated!
0
Comment
Question by:earthman100
  • 7
  • 6
14 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 10846754
In tools select internet options... click security tab custom settings and down at the bottom is the user authentication.  It needs to be allow automatic logon. make sure you set it for both itranet, and Internet.

Cd&
0
 

Author Comment

by:earthman100
ID: 10847271
Hi Dinosaur,

I have tried each of the settings:

Anonymous Logon
Automatic Logon only in Intranet Zone
Automatic Logon with current Username and Password
Prompt for Username and Password

with no success for any of them.

Any other ideas?  BTW I am using IE 6.0 (2800.1106.xpsp2)
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 10849385
I've seen similar roadblocks in forums that point back to this update, but haven't had time to explore the details further (yet)
http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 27

Assisted Solution

by:Asta Cu
Asta Cu earned 500 total points
ID: 10849404
Many more having this problem, per this:
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=invalid+syntax+username%3Apassword+ie6

A security update is available that modifies the default behavior of Internet Explorer for handling user information in HTTP and in HTTPS URLs
http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
0
 
LVL 27

Assisted Solution

by:Asta Cu
Asta Cu earned 500 total points
ID: 10849410
More IE 6 authentication issues, since end-user environments are so variable; you can pick and choose here for applicability to your environment.  I apologize for the multiple entries here, my mind works in phases when I'm rushed and keep thinking of other possibilities "after" hitting the submit buttons.  Please forgive these.
http://support.microsoft.com/search/default.aspx?InCC_hdn=true&Catalog=LCID%3D1033%26CDID%3DEN-US-KB%26PRODLISTSRC%3DON&withinResults=&QuerySource=gASr_Query&Product=ie600&Queryc=authentication&Query=authentication&KeywordType=PHRASE&maxResults=150&Titles=false&numDays=&InCC=on

My final post for the day, with good luck.
Asta
0
 

Author Comment

by:earthman100
ID: 10856484
Hi astaec,

The article you pointed to:  http://support.microsoft.com/default.aspx?scid=kb;en-us;834489  seems to be the one, because I did run windows update recently, and then the problems began.  (aren't they supposed to FIX things??? *sigh*)

The article shows a way to disable the new feature, but I added the registry entries and it did not seem to work.  Any other suggestions?
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 10860617
Drat!  The workarounds in the link did not work?  Hmmm  I'll need to think about this a bit more and research a bit more when I return from work (hopefully this evening)... or when time permits.  Long week 4 me.  Thse are but a few.... of the workarounds and cut/paste from the link above.......

Workarounds for users
URLs that are opened by users who type the URL in the Address bar or click a link
If users typically type HTTP or HTTPS URLs that include user information in the Address bar, or click links that include user information in HTTP or HTTPS URLs, you can work around this new functionality in Internet Explorer in two ways:
Do not include user information in HTTP or HTTPS URLs.
Instruct users not to include their user information when they type HTTP or HTTPS URLs.
If the Web site uses the basic authentication method, Internet Explorer automatically prompts users for a user name and a password. In some cases, users can click the Remember my password box in the dialog box to save their credentials for later visits to that Web site.
Workarounds for application and Web site developers
URLs that are opened by objects that call WinInet or Urlmon functions
For objects that use an HTTP or an HTTPS URL that includes user information when they call a WinInet or Urlmon function such as InternetOpenURL, rewrite the object to use one of the following methods to send user information to the Web site:
Use the InternetSetOption function and include the following option flags:
INTERNET_OPTION_USERNAME
INTERNET_OPTION_PASSWORD
Note For these flags, the InternetSetOption option must have a handle returned by the InternetConnect function. Therefore, if the application uses the InternetOpenUrl function, modify the application to use the InternetConnect, HttpOpenRequest and HttpSendRequest WinInet functions. For additional information about how to use these functions, visit the following Microsoft Web sites:
http://msdn.microsoft.com/library/en-us/wininet/wininet/internetconnect.asp

http://msdn.microsoft.com/library/en-us/wininet/wininet/httpopenrequest.asp

http://msdn.microsoft.com/library/en-us/wininet/wininet/httpsendrequest.asp

Use the IAuthenticate Interface. For additional information about how to use the IAuthenticate Interface, visit the following Microsoft Web site:
http://msdn.microsoft.com/workshop/networking/moniker/reference/ifaces/iauthenticate/iauthenticate.asp

Note With this workaround, you can open Web sites that the URL-spoofing technique redirects. The whole URL appears, including the redirected location. For example, the following URL appears:
http://www.wingtiptoys.com@www.example.com

The user still arrives at the redirected Web site. In this example, the user arrives at http://www.example.com.
URLs that are opened by a script that uses credentials for state management
If you include HTTP or HTTPS URLs that contain user information in your scripting code, to manage state information, change your scripting code to use cookies instead of user information. For additional information about how to use cookies to manage state information, visit the following Internet Engineering Task Force (IETF) Web site:
http://www.ietf.org/rfc/rfc2965.txt 

To see an example of how to use Visual Basic to read and write HTTP cookies in an ASP.NET Web program, visit the following Microsoft Web site:
http://msdn.microsoft.com/library/en-us/dv_vstechart/html/vbtchaspnetcookies101.asp

How to disable the new behavior or to use it in other programs
After you install the 832894 security update, you can set registry values to use this new behavior in other programs that host the Web browser control or to disable this new behavior for Windows Explorer and Internet Explorer.
How programs that host the Web browser control can use this new default behavior to handle user information in HTTP or in HTTPS URLs
By default, this new default behavior for handling user information in HTTP or HTTPS URLs applies only to Windows Explorer and Internet Explorer. To use this new behavior in other programs that host the Web browser control, create a DWORD value named SampleApp.exe, where SampleApp.exe is the name of the executable file that runs the program. Set the DWORD value's value data to 1 in one of the following registry keys.
For all users of the program, set the value in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

For the current user of the program only, set the value in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

Source and here again for more:  http://support.microsoft.com/default.aspx?scid=kb;en-us;834489

AND you set the DWORD?  

I'm really baffled.  Perhaps others will step in here as well, in the interim.

Asta





0
 

Author Comment

by:earthman100
ID: 10860695
This is what I added to my registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
0
 
LVL 27

Accepted Solution

by:
Asta Cu earned 500 total points
ID: 10913504
Then close, reboot and ok?
0
 

Author Comment

by:earthman100
ID: 10914507
Nope, hasn't worked since I added the keys.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 10930083
Drat!  Doing some other research stumbled on these and perhaps they'll be of help here...  

What is your Operating System and version?  My thinking is trying Restore Points if XP or ME prior to the time you noted the problem, but again, unclear.

Introduction to URL Security Zones - http://msdn.microsoft.com/library/default.asp?url=/workshop/security/szone/overview/templates.asp
http://msdn.microsoft.com/library/default.asp?url=/workshop/security/szone/overview/templates.asp

How to strengthen the security settings for the Local Machine zone in Internet Explorer
http://support.microsoft.com/default.aspx?scid=833633

How to access a network resource that requires username and password authentication when your user account requires a smart card for interactive logon
http://support.microsoft.com/default.aspx?scid=kb;en-us;834432&Product=winxp

There are so many hits on queries relating to your issue and still numerous unknowns in terms of your environment, so will include the result in the hopes you can scan them quickly and choose those which apply for further possibilities.
http://support.microsoft.com/search/default.aspx?InCC_hdn=true&Catalog=LCID%3D1033%26CDID%3DEN-US-KB%26PRODLISTSRC%3DON&withinResults=&QuerySource=gASr_Query&Product=winxp&Queryc=http%3A%2F%2Fusername%3Apassword@mydomain.com&Query=http%3A%2F%2Fusername%3Apassword@mydomain.com&KeywordType=ALL&maxResults=150&Titles=false&numDays=&InCC=on
0
 

Author Comment

by:earthman100
ID: 11076864
Environment:

Windows XP - Pro 2002 SP1

IE - 6.0.2800.1106.xpsp2-030422-1633  -  128 bit
      Update Versions:  Sp1; Q832894


Thanks for your suggestions so far, still no go.
0
 

Author Comment

by:earthman100
ID: 11076993
YAHOO!  I got it.  Was a little wacky, but I had to close all explorer windows, went to ctrl-alt-del and axed the explorer process.  Then restarted the explorer, and ran the registry entry, and it worked.

Thanks!
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 11079540
YAHOO, YAY and a YIPEE!  This one was driving me a little nuts, made no sense but then been there before;  sometimes it's not what is done but the order in which it is done.  Crazy things like this do keep you going, no?  I'm so pleased, thanks for the update and good news.  You're right on!  It was a little wacky.  Had a friend recently with whom I worked to do troubleshooting and what should have worked just did not; the missing ingredient for him was to execute MULTIPLE reboots (6, I think .... go figure, lol).

Thank you also for the fine grade, earthman100.

":0) Asta
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently found myself in a Corporate Situation where the client had requested blocking access to any and all websites except his own Domain? Easy? I am sure this would be your answer but their requirement was, this has to be done without using…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question