cto
asked on
Setting the HTTP Authorization header from Javascript
If a web server returns an error 401 (Unauthorized) the web browser will prompt the user for a user name and password and then retry the operation with an "Authorization" header added to the request. In subsequent requests to the same web site, the browser will include the proper Authorization header.
Is it possible from Javascript to inform the web browser about which Authorization header it should use in future access to a specific web server, so that the user will not be prompted for a user name and password?
Alternatively, is it possible from Javascript to force the user to type a user name and password BEFORE the first attempt is made to access the protected web page?
(No, I'm not trying to hack anything. But I have to use an ActiveX component that accesses a web site which requries that Authorization information is present before the ActiveX component is launched.)
Is it possible from Javascript to inform the web browser about which Authorization header it should use in future access to a specific web server, so that the user will not be prompted for a user name and password?
Alternatively, is it possible from Javascript to force the user to type a user name and password BEFORE the first attempt is made to access the protected web page?
(No, I'm not trying to hack anything. But I have to use an ActiveX component that accesses a web site which requries that Authorization information is present before the ActiveX component is launched.)
No, not with javascript. You could possible do it with ASP or some server language, but this isn't functionality that is normal for javascript.
ASKER
I'm confused now. How could a server language force anything into the web browser, if it cannot be stored in the web browser through HTML with appropriate scripting?
Let me give some more information about my problem:
I have an internet camera which contains a web server. When you connect to that server, you will be able to configure the camera and view its images. The web browser is required to use the "Authorization" header when accessing the camera.
The images from the camera are viewable through an ActiveX component. Now, I want to embed that information in my own web pages (rather than the web pages from the camera). I can easily launch the ActiveX component from my own web pages, but then access to the camera will not include the Authorization header.
If I first access the camera's web server, and thereafter access my own web page, the ActiveX component works fine (because the web browser now knows which Authorization information to send), but that is very impractical. So I'd like some way to use the ActiveX component from my web page without first having to go to the camera's web server.
Let me give some more information about my problem:
I have an internet camera which contains a web server. When you connect to that server, you will be able to configure the camera and view its images. The web browser is required to use the "Authorization" header when accessing the camera.
The images from the camera are viewable through an ActiveX component. Now, I want to embed that information in my own web pages (rather than the web pages from the camera). I can easily launch the ActiveX component from my own web pages, but then access to the camera will not include the Authorization header.
If I first access the camera's web server, and thereafter access my own web page, the ActiveX component works fine (because the web browser now knows which Authorization information to send), but that is very impractical. So I'd like some way to use the ActiveX component from my web page without first having to go to the camera's web server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You could add a header with ASP
"The AddHeader method adds a new named HTTP header with a specific value to the HTTP response. Note that once a header has been added, it cannot be removed. This method must be called before any output is sent to the client unless the Response.Buffer is set to true. "
http://devguru.com/Technologies/asp/quickref/response_addheader.html
but like I said, thier is no way to do it via javascript.
"The AddHeader method adds a new named HTTP header with a specific value to the HTTP response. Note that once a header has been added, it cannot be removed. This method must be called before any output is sent to the client unless the Response.Buffer is set to true. "
http://devguru.com/Technologies/asp/quickref/response_addheader.html
but like I said, thier is no way to do it via javascript.
ASKER
Justinbillig,
Adding an HTTP header to the HTTP *response* is irrelevant. I want to add a header to the HTTP *request*.
Adding an HTTP header to the HTTP *response* is irrelevant. I want to add a header to the HTTP *request*.
You can do this, not easily, with an XML request to first authenticate, then use JavaScipt.
I'd HIGHLY recommend using a UI package like Yahoo UI.
I heard you can use:
XMLHttpRequest.setRequestH
I'd HIGHLY recommend using a UI package like Yahoo UI.
I heard you can use:
XMLHttpRequest.setRequestH