Link to home
Start Free TrialLog in
Avatar of drlaw

asked on

how do I redirect from one page to another using javascript and/or jquery and basic authentication


I need to redirect a user from one web page to a page hosted on a different server secured using basic authentication over SSL.  From the first page, I want to pass the username/password in the header using basic authentication. The intent is to try and provide a single sign on type feel. I don't want the user being prompted for credentials when they hit the second page, thus passing the credentials in the header.

username@password in the url will no longer work with many browsers.

I'm open to any method of doing this as long as the user is not prompted for credentials. The authentication must happen at the server level, not the application level.

Thanks in advance for any help.
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

When you 'redirect' the browser in any method, all you have to work with is the URL.  And for it to work at the 'server' level, you have to have the 'basic authentication' already set up on the server.
You have to do this in two steps and in server side code.

1 -  Use the HttpWebRequest to call the page you want to transfer to. When you make this call, you set any basic authorisation headers that are needed. If you are expecting, create a cookie container there as well. Something like:
var webRequest = (HttpWebRequest)WebRequest.Create(url);
string authorization = "username" + ":" + "Password";
byte[] binaryAuthorization = System.Text.Encoding.UTF8.GetBytes(authorization);
authorization = Convert.ToBase64String(binaryAuthorization);
autorization = "Basic " + autorization;
webRequest.Headers.Add("AUTHORIZATION", autorization);
var webResponse = (HttpWebResponse)webRequest.GetResponse();
if (webResponse.StatusCode != HttpStatusCode.OK) Console.WriteLine("{0}",webResponse.Headers);
//inspect the status code here and check headers and cookies 

using (StreamReader reader = new StreamReader(webResponse.GetResponseStream()))
    string s = reader.ReadToEnd();

Open in new window

2 -  when the call to the https request above returns, you must inspect the response. If it is a 3xx, you will have a Location header. Some websites redirect you on successful login. Some will set cookies on successful authentication and so on. This call merely mimics a sign in. Once you have grabbed the headers and cookies as needed, you can then use this data to redirect the user to the https website
Avatar of drlaw


Hi MilandaT,
    Thanks for your feedback, but I am unclear on how this will reroute the client to the address. All of the code you have provided works on the server level (I can reproduce and get a successfully logged in response in server side code).
    The part I am unclear on is how do I then pass that authentication to the client when they are redirected to the site?

Avatar of drlaw


Hi Dave,
    My apologies for not responding to your comment. Yes basic authentication is set up and works if you physically type in the credential. Both server a and server b on the same domain and we have full control over them.
    Again, sorry for repeating myself in my other question. I am repeating the content of that comment here so MlandaT can see it as well.

Avatar of drlaw


Hi MlandaT,
     To be clear, I am trying to find a way of creating the same effect the old username:password@url syntax used to achieve prior to IE and most major browsers not allowing it any longer. Essentially, I want to achieve a single sign on like feel to a basic authentication by providing the credentials so the user is not prompted to type them in.

Avatar of Mlanda T
Mlanda T
Flag of South Africa image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial