Solved

Http Authentication parameters in URL not working

Posted on 2004-04-16
14
2,643 Views
Last Modified: 2008-01-16
Recently my shortcuts that include my http authentication usernames and passwords in the URL ceased working, resulting in an "Invalid Syntax Error" and "The page cannot be displayed" message in Internet Explorer.

The format I am using is http://username:password@mydomain.com

Please note:  These DID work before, and do work from other computers, which leads me to believe that it has something to do with my browser here.  Any suggestions are gratefully appreciated!
0
Comment
Question by:earthman100
  • 7
  • 6
14 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
Comment Utility
In tools select internet options... click security tab custom settings and down at the bottom is the user authentication.  It needs to be allow automatic logon. make sure you set it for both itranet, and Internet.

Cd&
0
 

Author Comment

by:earthman100
Comment Utility
Hi Dinosaur,

I have tried each of the settings:

Anonymous Logon
Automatic Logon only in Intranet Zone
Automatic Logon with current Username and Password
Prompt for Username and Password

with no success for any of them.

Any other ideas?  BTW I am using IE 6.0 (2800.1106.xpsp2)
0
 
LVL 27

Expert Comment

by:Asta Cu
Comment Utility
I've seen similar roadblocks in forums that point back to this update, but haven't had time to explore the details further (yet)
http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
0
 
LVL 27

Assisted Solution

by:Asta Cu
Asta Cu earned 500 total points
Comment Utility
Many more having this problem, per this:
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=invalid+syntax+username%3Apassword+ie6

A security update is available that modifies the default behavior of Internet Explorer for handling user information in HTTP and in HTTPS URLs
http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
0
 
LVL 27

Assisted Solution

by:Asta Cu
Asta Cu earned 500 total points
Comment Utility
More IE 6 authentication issues, since end-user environments are so variable; you can pick and choose here for applicability to your environment.  I apologize for the multiple entries here, my mind works in phases when I'm rushed and keep thinking of other possibilities "after" hitting the submit buttons.  Please forgive these.
http://support.microsoft.com/search/default.aspx?InCC_hdn=true&Catalog=LCID%3D1033%26CDID%3DEN-US-KB%26PRODLISTSRC%3DON&withinResults=&QuerySource=gASr_Query&Product=ie600&Queryc=authentication&Query=authentication&KeywordType=PHRASE&maxResults=150&Titles=false&numDays=&InCC=on

My final post for the day, with good luck.
Asta
0
 

Author Comment

by:earthman100
Comment Utility
Hi astaec,

The article you pointed to:  http://support.microsoft.com/default.aspx?scid=kb;en-us;834489  seems to be the one, because I did run windows update recently, and then the problems began.  (aren't they supposed to FIX things??? *sigh*)

The article shows a way to disable the new feature, but I added the registry entries and it did not seem to work.  Any other suggestions?
0
 
LVL 27

Expert Comment

by:Asta Cu
Comment Utility
Drat!  The workarounds in the link did not work?  Hmmm  I'll need to think about this a bit more and research a bit more when I return from work (hopefully this evening)... or when time permits.  Long week 4 me.  Thse are but a few.... of the workarounds and cut/paste from the link above.......

Workarounds for users
URLs that are opened by users who type the URL in the Address bar or click a link
If users typically type HTTP or HTTPS URLs that include user information in the Address bar, or click links that include user information in HTTP or HTTPS URLs, you can work around this new functionality in Internet Explorer in two ways:
Do not include user information in HTTP or HTTPS URLs.
Instruct users not to include their user information when they type HTTP or HTTPS URLs.
If the Web site uses the basic authentication method, Internet Explorer automatically prompts users for a user name and a password. In some cases, users can click the Remember my password box in the dialog box to save their credentials for later visits to that Web site.
Workarounds for application and Web site developers
URLs that are opened by objects that call WinInet or Urlmon functions
For objects that use an HTTP or an HTTPS URL that includes user information when they call a WinInet or Urlmon function such as InternetOpenURL, rewrite the object to use one of the following methods to send user information to the Web site:
Use the InternetSetOption function and include the following option flags:
INTERNET_OPTION_USERNAME
INTERNET_OPTION_PASSWORD
Note For these flags, the InternetSetOption option must have a handle returned by the InternetConnect function. Therefore, if the application uses the InternetOpenUrl function, modify the application to use the InternetConnect, HttpOpenRequest and HttpSendRequest WinInet functions. For additional information about how to use these functions, visit the following Microsoft Web sites:
http://msdn.microsoft.com/library/en-us/wininet/wininet/internetconnect.asp

http://msdn.microsoft.com/library/en-us/wininet/wininet/httpopenrequest.asp

http://msdn.microsoft.com/library/en-us/wininet/wininet/httpsendrequest.asp

Use the IAuthenticate Interface. For additional information about how to use the IAuthenticate Interface, visit the following Microsoft Web site:
http://msdn.microsoft.com/workshop/networking/moniker/reference/ifaces/iauthenticate/iauthenticate.asp

Note With this workaround, you can open Web sites that the URL-spoofing technique redirects. The whole URL appears, including the redirected location. For example, the following URL appears:
http://www.wingtiptoys.com@www.example.com

The user still arrives at the redirected Web site. In this example, the user arrives at http://www.example.com.
URLs that are opened by a script that uses credentials for state management
If you include HTTP or HTTPS URLs that contain user information in your scripting code, to manage state information, change your scripting code to use cookies instead of user information. For additional information about how to use cookies to manage state information, visit the following Internet Engineering Task Force (IETF) Web site:
http://www.ietf.org/rfc/rfc2965.txt

To see an example of how to use Visual Basic to read and write HTTP cookies in an ASP.NET Web program, visit the following Microsoft Web site:
http://msdn.microsoft.com/library/en-us/dv_vstechart/html/vbtchaspnetcookies101.asp

How to disable the new behavior or to use it in other programs
After you install the 832894 security update, you can set registry values to use this new behavior in other programs that host the Web browser control or to disable this new behavior for Windows Explorer and Internet Explorer.
How programs that host the Web browser control can use this new default behavior to handle user information in HTTP or in HTTPS URLs
By default, this new default behavior for handling user information in HTTP or HTTPS URLs applies only to Windows Explorer and Internet Explorer. To use this new behavior in other programs that host the Web browser control, create a DWORD value named SampleApp.exe, where SampleApp.exe is the name of the executable file that runs the program. Set the DWORD value's value data to 1 in one of the following registry keys.
For all users of the program, set the value in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

For the current user of the program only, set the value in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

Source and here again for more:  http://support.microsoft.com/default.aspx?scid=kb;en-us;834489

AND you set the DWORD?  

I'm really baffled.  Perhaps others will step in here as well, in the interim.

Asta





0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:earthman100
Comment Utility
This is what I added to my registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
0
 
LVL 27

Accepted Solution

by:
Asta Cu earned 500 total points
Comment Utility
Then close, reboot and ok?
0
 

Author Comment

by:earthman100
Comment Utility
Nope, hasn't worked since I added the keys.
0
 
LVL 27

Expert Comment

by:Asta Cu
Comment Utility
Drat!  Doing some other research stumbled on these and perhaps they'll be of help here...  

What is your Operating System and version?  My thinking is trying Restore Points if XP or ME prior to the time you noted the problem, but again, unclear.

Introduction to URL Security Zones - http://msdn.microsoft.com/library/default.asp?url=/workshop/security/szone/overview/templates.asp
http://msdn.microsoft.com/library/default.asp?url=/workshop/security/szone/overview/templates.asp

How to strengthen the security settings for the Local Machine zone in Internet Explorer
http://support.microsoft.com/default.aspx?scid=833633

How to access a network resource that requires username and password authentication when your user account requires a smart card for interactive logon
http://support.microsoft.com/default.aspx?scid=kb;en-us;834432&Product=winxp

There are so many hits on queries relating to your issue and still numerous unknowns in terms of your environment, so will include the result in the hopes you can scan them quickly and choose those which apply for further possibilities.
http://support.microsoft.com/search/default.aspx?InCC_hdn=true&Catalog=LCID%3D1033%26CDID%3DEN-US-KB%26PRODLISTSRC%3DON&withinResults=&QuerySource=gASr_Query&Product=winxp&Queryc=http%3A%2F%2Fusername%3Apassword@mydomain.com&Query=http%3A%2F%2Fusername%3Apassword@mydomain.com&KeywordType=ALL&maxResults=150&Titles=false&numDays=&InCC=on
0
 

Author Comment

by:earthman100
Comment Utility
Environment:

Windows XP - Pro 2002 SP1

IE - 6.0.2800.1106.xpsp2-030422-1633  -  128 bit
      Update Versions:  Sp1; Q832894


Thanks for your suggestions so far, still no go.
0
 

Author Comment

by:earthman100
Comment Utility
YAHOO!  I got it.  Was a little wacky, but I had to close all explorer windows, went to ctrl-alt-del and axed the explorer process.  Then restarted the explorer, and ran the registry entry, and it worked.

Thanks!
0
 
LVL 27

Expert Comment

by:Asta Cu
Comment Utility
YAHOO, YAY and a YIPEE!  This one was driving me a little nuts, made no sense but then been there before;  sometimes it's not what is done but the order in which it is done.  Crazy things like this do keep you going, no?  I'm so pleased, thanks for the update and good news.  You're right on!  It was a little wacky.  Had a friend recently with whom I worked to do troubleshooting and what should have worked just did not; the missing ingredient for him was to execute MULTIPLE reboots (6, I think .... go figure, lol).

Thank you also for the fine grade, earthman100.

":0) Asta
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Due to recent concerns over the inevitable depletion of the current pool of IPv4 addresses and the desire to provide additional functionality for modern devices, an upgrade to IPv6 on my Internet connection was needed for me to explore the world of …
How many times have you been browsing the internet, with multiple tabs open, and closed the wrong one? Have you ever clicked 'Close all tabs' instead of 'Close current tab' ? Internet Explorer 8 now brings to you, what Firefox has had for a wh…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now