We help IT Professionals succeed at work.

how do I redirect from one page to another using javascript and/or jquery and basic authentication

2,347 Views
Last Modified: 2016-05-17
Hello,

I need to redirect a user from one web page to a page hosted on a different server secured using basic authentication over SSL.  From the first page, I want to pass the username/password in the header using basic authentication. The intent is to try and provide a single sign on type feel. I don't want the user being prompted for credentials when they hit the second page, thus passing the credentials in the header.

username@password in the url will no longer work with many browsers.

I'm open to any method of doing this as long as the user is not prompted for credentials. The authentication must happen at the server level, not the application level.

Thanks in advance for any help.
Comment
Watch Question

Dave BaldwinFixer of Problems
CERTIFIED EXPERT
Most Valuable Expert 2014

Commented:
When you 'redirect' the browser in any method, all you have to work with is the URL.  And for it to work at the 'server' level, you have to have the 'basic authentication' already set up on the server.
CERTIFIED EXPERT

Commented:
You have to do this in two steps and in server side code.

1 -  Use the HttpWebRequest to call the page you want to transfer to. When you make this call, you set any basic authorisation headers that are needed. If you are expecting, create a cookie container there as well. Something like:
var webRequest = (HttpWebRequest)WebRequest.Create(url);
string authorization = "username" + ":" + "Password";
byte[] binaryAuthorization = System.Text.Encoding.UTF8.GetBytes(authorization);
authorization = Convert.ToBase64String(binaryAuthorization);
autorization = "Basic " + autorization;
webRequest.Headers.Add("AUTHORIZATION", autorization);
var webResponse = (HttpWebResponse)webRequest.GetResponse();
if (webResponse.StatusCode != HttpStatusCode.OK) Console.WriteLine("{0}",webResponse.Headers);
//inspect the status code here and check headers and cookies 

using (StreamReader reader = new StreamReader(webResponse.GetResponseStream()))
{
    string s = reader.ReadToEnd();
    Console.WriteLine(s);
    reader.Close();
}

Open in new window


2 -  when the call to the https request above returns, you must inspect the response. If it is a 3xx, you will have a Location header. Some websites redirect you on successful login. Some will set cookies on successful authentication and so on. This call merely mimics a sign in. Once you have grabbed the headers and cookies as needed, you can then use this data to redirect the user to the https website http://www.codeproject.com/Articles/49243/Handling-Cookies-with-Redirects-and-HttpWebRequest

Author

Commented:
Hi MilandaT,
    Thanks for your feedback, but I am unclear on how this will reroute the client to the address. All of the code you have provided works on the server level (I can reproduce and get a successfully logged in response in server side code).
    The part I am unclear on is how do I then pass that authentication to the client when they are redirected to the site?

Thanks,

Author

Commented:
Hi Dave,
    My apologies for not responding to your comment. Yes basic authentication is set up and works if you physically type in the credential. Both server a and server b on the same domain and we have full control over them.
    Again, sorry for repeating myself in my other question. I am repeating the content of that comment here so MlandaT can see it as well.

Thanks,

Author

Commented:
Hi MlandaT,
     To be clear, I am trying to find a way of creating the same effect the old username:password@url syntax used to achieve prior to IE and most major browsers not allowing it any longer. Essentially, I want to achieve a single sign on like feel to a basic authentication by providing the credentials so the user is not prompted to type them in.

Thanks,
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.