Using a query string on a link to pass the username and password.

Posted on 2006-05-25
Medium Priority
Last Modified: 2009-12-16
Is there a way to add a query string to a link so that it will automatically log someone in to a site when they click on the link.  For example:  Internal user on the intranet clicks on a link to say "Experts Exchange".  The link will take them to site and log them in with the company user name and password.  Thank you in advance for your help.
Question by:jsmaling
LVL 10

Expert Comment

ID: 16762773

I'm not sure I understand your question but here's a shot:

Only if the site has a server program that is looking for those query strings and logging people in. No site that I know would ever do that but you might have your own setup in which case it would work (but pretty insecure since login info is rarely not encrypted).

in any case, you can add any name value pairs to a link which can be easily read by the server:
<a href="http://www.test.com/index.html?name1=value1&name2=value2">test link</a>

LVL 30

Expert Comment

ID: 16762784
Login forms are supposed to use POST (not GET), so an url should not work.
But it should be possible to reproduce the login form on your page:
Replace the <input type="text"> with <input type="hidden" value="myvalue">
where "myvalue" correspond to the text you enter in the text input.
Have your form submit to the server's login page and you should be able to login.

Expert Comment

ID: 16763465
if you're using a username and password, the assumption is that you'd want some from of privacy protection. so if you aren't using a form with post/get then you should probably be trying to use a cookie that contains the username/password and set it to expire after x number of hours or days. (with vbscript).

if its just a thing like 'guest' 'general pass' that goes to a lesser protected end of the site (even intranet) then you could do what Oh4cryingOutloud said.
<a href="http://www.test.com/index.html?name1=value1&name2=value2">test link</a>

<a href="file.ext?usr=blah&psw=blah">link</a>

or if anyone can go there anyways, why have with a username/password? just give them a general link maybe?
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 30

Expert Comment

ID: 16764095
Ok, i'll code it:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<style type="text/css">

body {
  background-color: #ddd;
  color: black;


<form method="post" action="http://www.experts-exchange.com/login.jsp">

  <input name="msuLoginName" type="hidden" value="jsmaling">
  <input name="msuPassword" type="hidden" value="%your password goes here%">
  <input name="msuLoginSubmit" type="submit" value="Experts Exchange">



This uses an input to submit the form, but you can replace it with a link if you want, just use javascript to submit your form from the link.
LVL 19

Expert Comment

ID: 16767404
Like a lot of others are saying, you will not find many sites that check for their users using a querystring. I for one, would not visit such a site.

That set aside, you cannot control the other sites (unless they are your own) so there is no way of making sure that you can log in your users automatically. Even IF they would have set up their site to allow logging in using querystring variables, there's still the chance they check for a referrel URL to be their own site, I would do that if it were my site. Again that would render your querystring useless..

So that said, it's possible, but not likely you will get that working.


Accepted Solution

Willibob earned 1000 total points
ID: 16767466
You need to view the source of the page with the login form and then construct your querystring so that it includes all the form fields and relevant values.

Using Experts-Exchange as an example, you could use the following link:


This URL includes all the form fields found on the Experts Exchange log in form.

This relies on sites using the less strict Request("Field") instead of the more strict Request.Form("Field").

Those that do use Request.Form("Field") will not work with the above method.

I have to say that embedding usernames and passwords into querystrings is generally bad practice because your users can either view the source of the page with the link to see the username and password or they may see it in the address bar (if the page doesn't redirect) when they click the link.

Hope this helps


Author Comment

ID: 16771865

The link is going to be internal and we want our users to have the information without having to remember it.  This link actually worked for us.  How would I make it go to the homepage instead of the web development page?
LVL 30

Expert Comment

ID: 16771980
jsmaling, why not using a form?  that's the correct way to do it.

the big problem of sending sensitive data inside an url is that the url gets logged on the webservers, so your password will appear in the webstats reports.  also, if you are not correctly redirected and you click on an new link, that url will be sent as "referrer".

Expert Comment

ID: 16775501
If you get the url of the page you want to redirect to you can use it as the value for the redirectURL key in the querystring. This is specific to the EE site and is unlikely to work on other sites.


Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
In this tutorial viewers will learn how add a scalable full-width header using CSS3. Create a new HTML document with an internal stylesheet. Set a tiled background.:  Create a new div and name it Header. Position it with position:absolute at the top…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question