Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Http Authentication parameters in URL not working

Posted on 2004-04-16
Medium Priority
Last Modified: 2008-01-16
Recently my shortcuts that include my http authentication usernames and passwords in the URL ceased working, resulting in an "Invalid Syntax Error" and "The page cannot be displayed" message in Internet Explorer.

The format I am using is http://username:password@mydomain.com

Please note:  These DID work before, and do work from other computers, which leads me to believe that it has something to do with my browser here.  Any suggestions are gratefully appreciated!
Question by:earthman100
  • 7
  • 6
LVL 53

Expert Comment

ID: 10846754
In tools select internet options... click security tab custom settings and down at the bottom is the user authentication.  It needs to be allow automatic logon. make sure you set it for both itranet, and Internet.


Author Comment

ID: 10847271
Hi Dinosaur,

I have tried each of the settings:

Anonymous Logon
Automatic Logon only in Intranet Zone
Automatic Logon with current Username and Password
Prompt for Username and Password

with no success for any of them.

Any other ideas?  BTW I am using IE 6.0 (2800.1106.xpsp2)
LVL 27

Expert Comment

by:Asta Cu
ID: 10849385
I've seen similar roadblocks in forums that point back to this update, but haven't had time to explore the details further (yet)
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

LVL 27

Assisted Solution

by:Asta Cu
Asta Cu earned 2000 total points
ID: 10849404
Many more having this problem, per this:

A security update is available that modifies the default behavior of Internet Explorer for handling user information in HTTP and in HTTPS URLs
LVL 27

Assisted Solution

by:Asta Cu
Asta Cu earned 2000 total points
ID: 10849410
More IE 6 authentication issues, since end-user environments are so variable; you can pick and choose here for applicability to your environment.  I apologize for the multiple entries here, my mind works in phases when I'm rushed and keep thinking of other possibilities "after" hitting the submit buttons.  Please forgive these.

My final post for the day, with good luck.

Author Comment

ID: 10856484
Hi astaec,

The article you pointed to:  http://support.microsoft.com/default.aspx?scid=kb;en-us;834489  seems to be the one, because I did run windows update recently, and then the problems began.  (aren't they supposed to FIX things??? *sigh*)

The article shows a way to disable the new feature, but I added the registry entries and it did not seem to work.  Any other suggestions?
LVL 27

Expert Comment

by:Asta Cu
ID: 10860617
Drat!  The workarounds in the link did not work?  Hmmm  I'll need to think about this a bit more and research a bit more when I return from work (hopefully this evening)... or when time permits.  Long week 4 me.  Thse are but a few.... of the workarounds and cut/paste from the link above.......

Workarounds for users
URLs that are opened by users who type the URL in the Address bar or click a link
If users typically type HTTP or HTTPS URLs that include user information in the Address bar, or click links that include user information in HTTP or HTTPS URLs, you can work around this new functionality in Internet Explorer in two ways:
Do not include user information in HTTP or HTTPS URLs.
Instruct users not to include their user information when they type HTTP or HTTPS URLs.
If the Web site uses the basic authentication method, Internet Explorer automatically prompts users for a user name and a password. In some cases, users can click the Remember my password box in the dialog box to save their credentials for later visits to that Web site.
Workarounds for application and Web site developers
URLs that are opened by objects that call WinInet or Urlmon functions
For objects that use an HTTP or an HTTPS URL that includes user information when they call a WinInet or Urlmon function such as InternetOpenURL, rewrite the object to use one of the following methods to send user information to the Web site:
Use the InternetSetOption function and include the following option flags:
Note For these flags, the InternetSetOption option must have a handle returned by the InternetConnect function. Therefore, if the application uses the InternetOpenUrl function, modify the application to use the InternetConnect, HttpOpenRequest and HttpSendRequest WinInet functions. For additional information about how to use these functions, visit the following Microsoft Web sites:



Use the IAuthenticate Interface. For additional information about how to use the IAuthenticate Interface, visit the following Microsoft Web site:

Note With this workaround, you can open Web sites that the URL-spoofing technique redirects. The whole URL appears, including the redirected location. For example, the following URL appears:

The user still arrives at the redirected Web site. In this example, the user arrives at http://www.example.com.
URLs that are opened by a script that uses credentials for state management
If you include HTTP or HTTPS URLs that contain user information in your scripting code, to manage state information, change your scripting code to use cookies instead of user information. For additional information about how to use cookies to manage state information, visit the following Internet Engineering Task Force (IETF) Web site:

To see an example of how to use Visual Basic to read and write HTTP cookies in an ASP.NET Web program, visit the following Microsoft Web site:

How to disable the new behavior or to use it in other programs
After you install the 832894 security update, you can set registry values to use this new behavior in other programs that host the Web browser control or to disable this new behavior for Windows Explorer and Internet Explorer.
How programs that host the Web browser control can use this new default behavior to handle user information in HTTP or in HTTPS URLs
By default, this new default behavior for handling user information in HTTP or HTTPS URLs applies only to Windows Explorer and Internet Explorer. To use this new behavior in other programs that host the Web browser control, create a DWORD value named SampleApp.exe, where SampleApp.exe is the name of the executable file that runs the program. Set the DWORD value's value data to 1 in one of the following registry keys.
For all users of the program, set the value in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

For the current user of the program only, set the value in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

Source and here again for more:  http://support.microsoft.com/default.aspx?scid=kb;en-us;834489

AND you set the DWORD?  

I'm really baffled.  Perhaps others will step in here as well, in the interim.



Author Comment

ID: 10860695
This is what I added to my registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Feature Control]

LVL 27

Accepted Solution

Asta Cu earned 2000 total points
ID: 10913504
Then close, reboot and ok?

Author Comment

ID: 10914507
Nope, hasn't worked since I added the keys.
LVL 27

Expert Comment

by:Asta Cu
ID: 10930083
Drat!  Doing some other research stumbled on these and perhaps they'll be of help here...  

What is your Operating System and version?  My thinking is trying Restore Points if XP or ME prior to the time you noted the problem, but again, unclear.

Introduction to URL Security Zones - http://msdn.microsoft.com/library/default.asp?url=/workshop/security/szone/overview/templates.asp

How to strengthen the security settings for the Local Machine zone in Internet Explorer

How to access a network resource that requires username and password authentication when your user account requires a smart card for interactive logon

There are so many hits on queries relating to your issue and still numerous unknowns in terms of your environment, so will include the result in the hopes you can scan them quickly and choose those which apply for further possibilities.

Author Comment

ID: 11076864

Windows XP - Pro 2002 SP1

IE - 6.0.2800.1106.xpsp2-030422-1633  -  128 bit
      Update Versions:  Sp1; Q832894

Thanks for your suggestions so far, still no go.

Author Comment

ID: 11076993
YAHOO!  I got it.  Was a little wacky, but I had to close all explorer windows, went to ctrl-alt-del and axed the explorer process.  Then restarted the explorer, and ran the registry entry, and it worked.

LVL 27

Expert Comment

by:Asta Cu
ID: 11079540
YAHOO, YAY and a YIPEE!  This one was driving me a little nuts, made no sense but then been there before;  sometimes it's not what is done but the order in which it is done.  Crazy things like this do keep you going, no?  I'm so pleased, thanks for the update and good news.  You're right on!  It was a little wacky.  Had a friend recently with whom I worked to do troubleshooting and what should have worked just did not; the missing ingredient for him was to execute MULTIPLE reboots (6, I think .... go figure, lol).

Thank you also for the fine grade, earthman100.

":0) Asta

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question