how do I redirect from one page to another using javascript and/or jquery and basic authentication
I need to redirect a user from one web page to a page hosted on a different server secured using basic authentication over SSL. From the first page, I want to pass the username/password in the header using basic authentication. The intent is to try and provide a single sign on type feel. I don't want the user being prompted for credentials when they hit the second page, thus passing the credentials in the header.
username@password in the url will no longer work with many browsers.
I'm open to any method of doing this as long as the user is not prompted for credentials. The authentication must happen at the server level, not the application level.
Thanks in advance for any help.
1 - Use the HttpWebRequest to call the page you want to transfer to. When you make this call, you set any basic authorisation headers that are needed. If you are expecting, create a cookie container there as well. Something like:
var webRequest = (HttpWebRequest)WebRequest.Create(url);
string authorization = "username" + ":" + "Password";
byte[] binaryAuthorization = System.Text.Encoding.UTF8.GetBytes(authorization);
authorization = Convert.ToBase64String(binaryAuthorization);
autorization = "Basic " + autorization;
webRequest.Headers.Add("AUTHORIZATION", autorization);
var webResponse = (HttpWebResponse)webRequest.GetResponse();
if (webResponse.StatusCode != HttpStatusCode.OK) Console.WriteLine("{0}",webResponse.Headers);
//inspect the status code here and check headers and cookies
using (StreamReader reader = new StreamReader(webResponse.GetResponseStream()))
{
string s = reader.ReadToEnd();
Console.WriteLine(s);
reader.Close();
}
2 - when the call to the https request above returns, you must inspect the response. If it is a 3xx, you will have a Location header. Some websites redirect you on successful login. Some will set cookies on successful authentication and so on. This call merely mimics a sign in. Once you have grabbed the headers and cookies as needed, you can then use this data to redirect the user to the https website http://www.codeproject.com/Articles/49243/Handling-Cookies-with-Redirects-and-HttpWebRequest
Thanks for your feedback, but I am unclear on how this will reroute the client to the address. All of the code you have provided works on the server level (I can reproduce and get a successfully logged in response in server side code).
The part I am unclear on is how do I then pass that authentication to the client when they are redirected to the site?
Thanks,
My apologies for not responding to your comment. Yes basic authentication is set up and works if you physically type in the credential. Both server a and server b on the same domain and we have full control over them.
Again, sorry for repeating myself in my other question. I am repeating the content of that comment here so MlandaT can see it as well.
Thanks,
To be clear, I am trying to find a way of creating the same effect the old username:password@url syntax used to achieve prior to IE and most major browsers not allowing it any longer. Essentially, I want to achieve a single sign on like feel to a basic authentication by providing the credentials so the user is not prompted to type them in.
Thanks,
Gain unlimited access to on-demand training courses with an Experts Exchange subscription.
Get AccessWhy Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
When asked, what has been your best career decision?
Deciding to stick with EE.
Being involved with EE helped me to grow personally and professionally.
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Join our community and discover your potential
Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.
*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.