Setting the HTTP Authorization header from Javascript

If a web server returns an error 401 (Unauthorized) the web browser will prompt the user for a user name and password and then retry the operation with an "Authorization" header added to the request. In subsequent requests to the same web site, the browser will include the proper Authorization header.

Is it possible from Javascript to inform the web browser about which Authorization header it should use in future access to a specific web server, so that the user will not be prompted for a user name and password?

Alternatively, is it possible from Javascript to force the user to type a user name and password BEFORE the first attempt is made to access the protected web page?

(No, I'm not trying to hack anything. But I have to use an ActiveX component that accesses a web site which requries that Authorization information is present before the ActiveX component is launched.)
Who is Participating?
ZvonkoConnect With a Mentor Systems architectCommented:
You cannot controll the basic authentication user credentials sent by browser with every request to the server.
All you can do is to extend the url to contain the credentials, but then are username and password visable in the url.
The syntax for username and password is this:


That will not work as soon as your username or password contain special characters like blanks, slashes or colons.

No, not with javascript. You could possible do it with ASP or some server language, but this isn't functionality that is normal for javascript.
ctoAuthor Commented:
I'm confused now. How could a server language force anything into the web browser, if it cannot be stored in the web browser through HTML with appropriate scripting?

Let me give some more information about my problem:

I have an internet camera which contains a web server. When you connect to that server, you will be able to configure the camera and view its images. The web browser is required to use the "Authorization" header when accessing the camera.

The images from the camera are viewable through an ActiveX component. Now, I want to embed that information in my own web pages (rather than the web pages from the camera). I can easily launch the ActiveX component from my own web pages, but then access to the camera will not include the Authorization header.

If I first access the camera's web server, and thereafter access my own web page, the ActiveX component works fine (because the web browser now knows which Authorization information to send), but that is very impractical. So I'd like some way to use the ActiveX component from my web page without first having to go to the camera's web server.
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

You could add a header with ASP

"The AddHeader method adds a new named HTTP header with a specific value to the HTTP response. Note that once a header has been added, it cannot be removed. This method must be called before any output is sent to the client unless the Response.Buffer is set to true. "

but like I said, thier is no way to do it via javascript.

ctoAuthor Commented:

Adding an HTTP header to the HTTP *response* is irrelevant. I want to add a header to the HTTP *request*.
You can do this, not easily, with an XML request to first authenticate, then use JavaScipt.
I'd HIGHLY recommend using a UI package like Yahoo UI.

I heard you can use:
XMLHttpRequest.setRequestHeader(sName, sValue)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.