Setting the HTTP Authorization header from Javascript

Posted on 2005-04-19
Last Modified: 2012-06-27
If a web server returns an error 401 (Unauthorized) the web browser will prompt the user for a user name and password and then retry the operation with an "Authorization" header added to the request. In subsequent requests to the same web site, the browser will include the proper Authorization header.

Is it possible from Javascript to inform the web browser about which Authorization header it should use in future access to a specific web server, so that the user will not be prompted for a user name and password?

Alternatively, is it possible from Javascript to force the user to type a user name and password BEFORE the first attempt is made to access the protected web page?

(No, I'm not trying to hack anything. But I have to use an ActiveX component that accesses a web site which requries that Authorization information is present before the ActiveX component is launched.)
Question by:cto
    LVL 15

    Expert Comment

    No, not with javascript. You could possible do it with ASP or some server language, but this isn't functionality that is normal for javascript.

    Author Comment

    I'm confused now. How could a server language force anything into the web browser, if it cannot be stored in the web browser through HTML with appropriate scripting?

    Let me give some more information about my problem:

    I have an internet camera which contains a web server. When you connect to that server, you will be able to configure the camera and view its images. The web browser is required to use the "Authorization" header when accessing the camera.

    The images from the camera are viewable through an ActiveX component. Now, I want to embed that information in my own web pages (rather than the web pages from the camera). I can easily launch the ActiveX component from my own web pages, but then access to the camera will not include the Authorization header.

    If I first access the camera's web server, and thereafter access my own web page, the ActiveX component works fine (because the web browser now knows which Authorization information to send), but that is very impractical. So I'd like some way to use the ActiveX component from my web page without first having to go to the camera's web server.
    LVL 63

    Accepted Solution

    You cannot controll the basic authentication user credentials sent by browser with every request to the server.
    All you can do is to extend the url to contain the credentials, but then are username and password visable in the url.
    The syntax for username and password is this:


    That will not work as soon as your username or password contain special characters like blanks, slashes or colons.

    LVL 15

    Expert Comment

    You could add a header with ASP

    "The AddHeader method adds a new named HTTP header with a specific value to the HTTP response. Note that once a header has been added, it cannot be removed. This method must be called before any output is sent to the client unless the Response.Buffer is set to true. "

    but like I said, thier is no way to do it via javascript.


    Author Comment


    Adding an HTTP header to the HTTP *response* is irrelevant. I want to add a header to the HTTP *request*.

    Expert Comment

    You can do this, not easily, with an XML request to first authenticate, then use JavaScipt.
    I'd HIGHLY recommend using a UI package like Yahoo UI.

    I heard you can use:
    XMLHttpRequest.setRequestHeader(sName, sValue)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Suggested Solutions

    Title # Comments Views Activity
    gzip in express of nodejs 12 41
    JS in Chrome 2 26
    JS error 10 30
    Does ajax call keeps an open connection to the server 2 41
    Article by: DanRollins
    This article describes a JavaScript program that creates a maze made of hexagonal cells.  In Part 2 (, we'll extend the program by adding a depth-…
    The task A number given should be formatted for easy reading by separating digits into triads. Format must be made inline via JavaScript, i.e., frameworks / functions are not welcome. So let’s take a number like this “12345678.91¿ and format i…
    The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
    The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now