how do I redirect from one page to another using javascript and/or jquery and basic authentication


I need to redirect a user from one web page to a page hosted on a different server secured using basic authentication over SSL.  From the first page, I want to pass the username/password in the header using basic authentication. The intent is to try and provide a single sign on type feel. I don't want the user being prompted for credentials when they hit the second page, thus passing the credentials in the header.

username@password in the url will no longer work with many browsers.

I'm open to any method of doing this as long as the user is not prompted for credentials. The authentication must happen at the server level, not the application level.

Thanks in advance for any help.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
When you 'redirect' the browser in any method, all you have to work with is the URL.  And for it to work at the 'server' level, you have to have the 'basic authentication' already set up on the server.
You have to do this in two steps and in server side code.

1 -  Use the HttpWebRequest to call the page you want to transfer to. When you make this call, you set any basic authorisation headers that are needed. If you are expecting, create a cookie container there as well. Something like:
var webRequest = (HttpWebRequest)WebRequest.Create(url);
string authorization = "username" + ":" + "Password";
byte[] binaryAuthorization = System.Text.Encoding.UTF8.GetBytes(authorization);
authorization = Convert.ToBase64String(binaryAuthorization);
autorization = "Basic " + autorization;
webRequest.Headers.Add("AUTHORIZATION", autorization);
var webResponse = (HttpWebResponse)webRequest.GetResponse();
if (webResponse.StatusCode != HttpStatusCode.OK) Console.WriteLine("{0}",webResponse.Headers);
//inspect the status code here and check headers and cookies 

using (StreamReader reader = new StreamReader(webResponse.GetResponseStream()))
    string s = reader.ReadToEnd();

Open in new window

2 -  when the call to the https request above returns, you must inspect the response. If it is a 3xx, you will have a Location header. Some websites redirect you on successful login. Some will set cookies on successful authentication and so on. This call merely mimics a sign in. Once you have grabbed the headers and cookies as needed, you can then use this data to redirect the user to the https website
drlawAuthor Commented:
Hi MilandaT,
    Thanks for your feedback, but I am unclear on how this will reroute the client to the address. All of the code you have provided works on the server level (I can reproduce and get a successfully logged in response in server side code).
    The part I am unclear on is how do I then pass that authentication to the client when they are redirected to the site?

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

drlawAuthor Commented:
Hi Dave,
    My apologies for not responding to your comment. Yes basic authentication is set up and works if you physically type in the credential. Both server a and server b on the same domain and we have full control over them.
    Again, sorry for repeating myself in my other question. I am repeating the content of that comment here so MlandaT can see it as well.

drlawAuthor Commented:
Hi MlandaT,
     To be clear, I am trying to find a way of creating the same effect the old username:password@url syntax used to achieve prior to IE and most major browsers not allowing it any longer. Essentially, I want to achieve a single sign on like feel to a basic authentication by providing the credentials so the user is not prompted to type them in.

Hi drlaw.

I hear you. The next step after the HttpWebRequest, is to read the cookies from the HttpWebRequest (Assuming that there is session information or something stored in the cookies). We then need to pass these cookies to the Reponse objects before we do the redirect.
foreach (Cookie c in request.CookieContainer.GetCookies(request.RequestUri))
    Console.WriteLine("Cookie['" + c.Domain + @"\" + c.Name + "']: " + c.Value);
    Response.Cookies.Add(c); /*this we need to test, but this attempts to add the cookies to our resposnse object*/
Response.Redirect("the new site");

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.