Question

I'm developing a web app (A) that serves as a "front-end" to another website (B), which requires a basic HTTP authentication (i.e., the kind that pops up and asks for a username and password).

In my web app, each user will already have his username and password for B stored as part of his account for A. However, the first time the user tries to access a resource in B from A, it prompts for the username and password (but then doesn't have to anymore for the rest of the session). I want it to be so that the user never has to explicitly enter his credentials (since they are already stored in his account).

Using JavaScript/jQuery or some Django code, is it possible to pre-emptively authenticate this user behind the scenes, for example when they log in to A? It should just be a simple matter of sending a request to some resource in B with the username and password, therefore

Thanks, I hope this question is clear.


Solution

I believe you can stick that straight in the URL.

http://user:pass@server.domain.tld/dir/file.ext

OTHER TIPS

The jQuery ajax() method supports HTTP authentication with the options "username" and "password".

jQuery.ajax() manual:

If the server performs HTTP authentication before providing a response, the user name and password pair can be sent via the username and password options.

B. VB.:

It should just be a simple matter of sending a request to some resource in B with the username and password

I didn't test, but it's definitely worth a try. Probably, as long as the server has authorized the client, it should not prompt for credentials again, so that's worth a try.

The short answer is, you probably can't do this without introducing a common authentication / security token sharing etc. mechanism that involves the B backend.

Since B is probably a different origin, the Same Origin Policy will prevent you from making a request to B from a page that's served from A.

If you're able to change the B backend, you could make a JSONP request (i.e. not basic authentication via HTTP headers) to B from a page on A when the user logs in to A.

Also see http://en.wikipedia.org/wiki/Single_sign-on for inspiration for different solutions.
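For the Basic scheme the question describes, credentials supplied in the URL or through the jQuery username and password options are sent to B as an `Authorization` header that is base64-encoded, not encrypted, so anything that sees the request can recover them. The sketch below is an added example, not code from the original posts; the function names and sample credentials are constructed for illustration.

```javascript
// Added example (not from the original posts): the HTTP Basic scheme (RFC 7617).
// Function names and credentials are constructed for illustration.

// Build the Authorization header value a client sends for Basic auth.
function basicAuthHeader(username, password) {
  // RFC 7617: the user-id must not contain ':' (the first colon is the separator).
  if (username.includes(':')) throw new Error('username must not contain ":"');
  const bytes = new TextEncoder().encode(`${username}:${password}`);
  // btoa() works on "binary strings", so map the UTF-8 bytes to chars first.
  const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join('');
  return 'Basic ' + btoa(binary);
}

// Reverse it, as any proxy, log pipeline or script that sees the header can.
function decodeBasicAuthHeader(header) {
  const m = /^Basic +([A-Za-z0-9+\/]+=*)$/i.exec(header);
  if (!m) return null; // not a Basic credential
  const bytes = Uint8Array.from(atob(m[1]), (c) => c.charCodeAt(0));
  const text = new TextDecoder().decode(bytes);
  const i = text.indexOf(':');
  if (i < 0) return null; // malformed: no separator
  // Everything after the first colon is the password (it may contain ':').
  return { username: text.slice(0, i), password: text.slice(i + 1) };
}

// Credentials embedded in a URL (http://user:pass@host/...) carry the same pair.
// URL userinfo is percent-encoded, so decode it before building the header.
function headerFromUrl(urlString) {
  const u = new URL(urlString);
  if (!u.username) return null; // no credentials in the URL
  return basicAuthHeader(
    decodeURIComponent(u.username),
    decodeURIComponent(u.password)
  );
}

// Demo with the URL form quoted in the answer above.
const demo = headerFromUrl('http://user:pass@server.domain.tld/dir/file.ext');
console.log(demo, decodeBasicAuthHeader(demo));
```

Because the encoding is reversible, this header protects the stored B password only when the request to B goes over HTTPS, and a URL carrying the pair should be kept out of logs, history and Referer headers.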

Licensed under: CC-BY-SA with attribution