Http Authentication parameters in URL not working

Recently my shortcuts that include my http authentication usernames and passwords in the URL ceased working, resulting in an "Invalid Syntax Error" and "The page cannot be displayed" message in Internet Explorer.

The format I am using is

Please note:  These DID work before, and do work from other computers, which leads me to believe that it has something to do with my browser here.  Any suggestions are gratefully appreciated!
Who is Participating?
Asta CuTechnical consultant & graphic designCommented:
Then close, reboot and ok?
In tools select internet options... click security tab custom settings and down at the bottom is the user authentication.  It needs to be allow automatic logon. make sure you set it for both itranet, and Internet.

earthman100Author Commented:
Hi Dinosaur,

I have tried each of the settings:

Anonymous Logon
Automatic Logon only in Intranet Zone
Automatic Logon with current Username and Password
Prompt for Username and Password

with no success for any of them.

Any other ideas?  BTW I am using IE 6.0 (2800.1106.xpsp2)
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Asta CuTechnical consultant & graphic designCommented:
I've seen similar roadblocks in forums that point back to this update, but haven't had time to explore the details further (yet)
Asta CuTechnical consultant & graphic designCommented:
Many more having this problem, per this:

A security update is available that modifies the default behavior of Internet Explorer for handling user information in HTTP and in HTTPS URLs;en-us;834489
Asta CuTechnical consultant & graphic designCommented:
More IE 6 authentication issues, since end-user environments are so variable; you can pick and choose here for applicability to your environment.  I apologize for the multiple entries here, my mind works in phases when I'm rushed and keep thinking of other possibilities "after" hitting the submit buttons.  Please forgive these.

My final post for the day, with good luck.
earthman100Author Commented:
Hi astaec,

The article you pointed to:;en-us;834489  seems to be the one, because I did run windows update recently, and then the problems began.  (aren't they supposed to FIX things??? *sigh*)

The article shows a way to disable the new feature, but I added the registry entries and it did not seem to work.  Any other suggestions?
Asta CuTechnical consultant & graphic designCommented:
Drat!  The workarounds in the link did not work?  Hmmm  I'll need to think about this a bit more and research a bit more when I return from work (hopefully this evening)... or when time permits.  Long week 4 me.  Thse are but a few.... of the workarounds and cut/paste from the link above.......

Workarounds for users
URLs that are opened by users who type the URL in the Address bar or click a link
If users typically type HTTP or HTTPS URLs that include user information in the Address bar, or click links that include user information in HTTP or HTTPS URLs, you can work around this new functionality in Internet Explorer in two ways:
Do not include user information in HTTP or HTTPS URLs.
Instruct users not to include their user information when they type HTTP or HTTPS URLs.
If the Web site uses the basic authentication method, Internet Explorer automatically prompts users for a user name and a password. In some cases, users can click the Remember my password box in the dialog box to save their credentials for later visits to that Web site.
Workarounds for application and Web site developers
URLs that are opened by objects that call WinInet or Urlmon functions
For objects that use an HTTP or an HTTPS URL that includes user information when they call a WinInet or Urlmon function such as InternetOpenURL, rewrite the object to use one of the following methods to send user information to the Web site:
Use the InternetSetOption function and include the following option flags:
Note For these flags, the InternetSetOption option must have a handle returned by the InternetConnect function. Therefore, if the application uses the InternetOpenUrl function, modify the application to use the InternetConnect, HttpOpenRequest and HttpSendRequest WinInet functions. For additional information about how to use these functions, visit the following Microsoft Web sites:

Use the IAuthenticate Interface. For additional information about how to use the IAuthenticate Interface, visit the following Microsoft Web site:

Note With this workaround, you can open Web sites that the URL-spoofing technique redirects. The whole URL appears, including the redirected location. For example, the following URL appears:

The user still arrives at the redirected Web site. In this example, the user arrives at
URLs that are opened by a script that uses credentials for state management
If you include HTTP or HTTPS URLs that contain user information in your scripting code, to manage state information, change your scripting code to use cookies instead of user information. For additional information about how to use cookies to manage state information, visit the following Internet Engineering Task Force (IETF) Web site: 

To see an example of how to use Visual Basic to read and write HTTP cookies in an ASP.NET Web program, visit the following Microsoft Web site:

How to disable the new behavior or to use it in other programs
After you install the 832894 security update, you can set registry values to use this new behavior in other programs that host the Web browser control or to disable this new behavior for Windows Explorer and Internet Explorer.
How programs that host the Web browser control can use this new default behavior to handle user information in HTTP or in HTTPS URLs
By default, this new default behavior for handling user information in HTTP or HTTPS URLs applies only to Windows Explorer and Internet Explorer. To use this new behavior in other programs that host the Web browser control, create a DWORD value named SampleApp.exe, where SampleApp.exe is the name of the executable file that runs the program. Set the DWORD value's value data to 1 in one of the following registry keys.
For all users of the program, set the value in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

For the current user of the program only, set the value in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

Source and here again for more:;en-us;834489

AND you set the DWORD?  

I'm really baffled.  Perhaps others will step in here as well, in the interim.


earthman100Author Commented:
This is what I added to my registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control]

earthman100Author Commented:
Nope, hasn't worked since I added the keys.
Asta CuTechnical consultant & graphic designCommented:
Drat!  Doing some other research stumbled on these and perhaps they'll be of help here...  

What is your Operating System and version?  My thinking is trying Restore Points if XP or ME prior to the time you noted the problem, but again, unclear.

Introduction to URL Security Zones -

How to strengthen the security settings for the Local Machine zone in Internet Explorer

How to access a network resource that requires username and password authentication when your user account requires a smart card for interactive logon;en-us;834432&Product=winxp

There are so many hits on queries relating to your issue and still numerous unknowns in terms of your environment, so will include the result in the hopes you can scan them quickly and choose those which apply for further possibilities.
earthman100Author Commented:

Windows XP - Pro 2002 SP1

IE - 6.0.2800.1106.xpsp2-030422-1633  -  128 bit
      Update Versions:  Sp1; Q832894

Thanks for your suggestions so far, still no go.
earthman100Author Commented:
YAHOO!  I got it.  Was a little wacky, but I had to close all explorer windows, went to ctrl-alt-del and axed the explorer process.  Then restarted the explorer, and ran the registry entry, and it worked.

Asta CuTechnical consultant & graphic designCommented:
YAHOO, YAY and a YIPEE!  This one was driving me a little nuts, made no sense but then been there before;  sometimes it's not what is done but the order in which it is done.  Crazy things like this do keep you going, no?  I'm so pleased, thanks for the update and good news.  You're right on!  It was a little wacky.  Had a friend recently with whom I worked to do troubleshooting and what should have worked just did not; the missing ingredient for him was to execute MULTIPLE reboots (6, I think .... go figure, lol).

Thank you also for the fine grade, earthman100.

":0) Asta
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.