drlaw
asked on
how do I redirect from one page to another using javascript and/or jquery and basic authentication
Hello,
I need to redirect a user from one web page to a page hosted on a different server secured using basic authentication over SSL. From the first page, I want to pass the username/password in the header using basic authentication. The intent is to try and provide a single sign on type feel. I don't want the user being prompted for credentials when they hit the second page, thus passing the credentials in the header.
username@password in the url will no longer work with many browsers.
I'm open to any method of doing this as long as the user is not prompted for credentials. The authentication must happen at the server level, not the application level.
Thanks in advance for any help.
I need to redirect a user from one web page to a page hosted on a different server secured using basic authentication over SSL. From the first page, I want to pass the username/password in the header using basic authentication. The intent is to try and provide a single sign on type feel. I don't want the user being prompted for credentials when they hit the second page, thus passing the credentials in the header.
username@password in the url will no longer work with many browsers.
I'm open to any method of doing this as long as the user is not prompted for credentials. The authentication must happen at the server level, not the application level.
Thanks in advance for any help.
Dave Baldwin
When you 'redirect' the browser in any method, all you have to work with is the URL. And for it to work at the 'server' level, you have to have the 'basic authentication' already set up on the server.
You have to do this in two steps and in server side code.
1 - Use the HttpWebRequest to call the page you want to transfer to. When you make this call, you set any basic authorisation headers that are needed. If you are expecting, create a cookie container there as well. Something like:
2 - when the call to the https request above returns, you must inspect the response. If it is a 3xx, you will have a Location header. Some websites redirect you on successful login. Some will set cookies on successful authentication and so on. This call merely mimics a sign in. Once you have grabbed the headers and cookies as needed, you can then use this data to redirect the user to the https website http://www.codeproject.com/Articles/49243/Handling-Cookies-with-Redirects-and-HttpWebRequest
1 - Use the HttpWebRequest to call the page you want to transfer to. When you make this call, you set any basic authorisation headers that are needed. If you are expecting, create a cookie container there as well. Something like:
var webRequest = (HttpWebRequest)WebRequest.Create(url);
string authorization = "username" + ":" + "Password";
byte[] binaryAuthorization = System.Text.Encoding.UTF8.GetBytes(authorization);
authorization = Convert.ToBase64String(binaryAuthorization);
autorization = "Basic " + autorization;
webRequest.Headers.Add("AUTHORIZATION", autorization);
var webResponse = (HttpWebResponse)webRequest.GetResponse();
if (webResponse.StatusCode != HttpStatusCode.OK) Console.WriteLine("{0}",webResponse.Headers);
//inspect the status code here and check headers and cookies
using (StreamReader reader = new StreamReader(webResponse.GetResponseStream()))
{
string s = reader.ReadToEnd();
Console.WriteLine(s);
reader.Close();
}2 - when the call to the https request above returns, you must inspect the response. If it is a 3xx, you will have a Location header. Some websites redirect you on successful login. Some will set cookies on successful authentication and so on. This call merely mimics a sign in. Once you have grabbed the headers and cookies as needed, you can then use this data to redirect the user to the https website http://www.codeproject.com/Articles/49243/Handling-Cookies-with-Redirects-and-HttpWebRequest
ASKER
Hi MilandaT,
Thanks for your feedback, but I am unclear on how this will reroute the client to the address. All of the code you have provided works on the server level (I can reproduce and get a successfully logged in response in server side code).
The part I am unclear on is how do I then pass that authentication to the client when they are redirected to the site?
Thanks,
Thanks for your feedback, but I am unclear on how this will reroute the client to the address. All of the code you have provided works on the server level (I can reproduce and get a successfully logged in response in server side code).
The part I am unclear on is how do I then pass that authentication to the client when they are redirected to the site?
Thanks,
ASKER
Hi Dave,
My apologies for not responding to your comment. Yes basic authentication is set up and works if you physically type in the credential. Both server a and server b on the same domain and we have full control over them.
Again, sorry for repeating myself in my other question. I am repeating the content of that comment here so MlandaT can see it as well.
Thanks,
My apologies for not responding to your comment. Yes basic authentication is set up and works if you physically type in the credential. Both server a and server b on the same domain and we have full control over them.
Again, sorry for repeating myself in my other question. I am repeating the content of that comment here so MlandaT can see it as well.
Thanks,
ASKER
Hi MlandaT,
To be clear, I am trying to find a way of creating the same effect the old username:password@url syntax used to achieve prior to IE and most major browsers not allowing it any longer. Essentially, I want to achieve a single sign on like feel to a basic authentication by providing the credentials so the user is not prompted to type them in.
Thanks,
To be clear, I am trying to find a way of creating the same effect the old username:password@url syntax used to achieve prior to IE and most major browsers not allowing it any longer. Essentially, I want to achieve a single sign on like feel to a basic authentication by providing the credentials so the user is not prompted to type them in.
Thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.