HTTP basic authentication in javascript, jquery or django?
24-05-2021
Question
I'm developing a web app (A) that serves as a "front-end" to another website (B), which requires a basic HTTP authentication (i.e., the kind that pops up and asks for a username and password).
In my web app, each user will already have his username and password for B stored as part of his account for A. However, the first time the user tries to access a resource in B from A, it prompts for the username and password (but then doesn't have to anymore for the rest of the session). I want it to be so that the user never has to explicitly enter his credentials (since they are already stored in his account).
Using javascript/jquery or some Django code, is it possible to pre-emptively authenticate this user behind the scenes, for example when they log in to A? It should just be a simple matter of sending a request to some resource in B with the username and password, therefore
Thanks, I hope this question is clear.
Solution
I believe you can stick that straight in the URL.
OTHER TIPS
The jQuery ajax() method supports HTTP authentication with the options "username" and "password".
If the server performs HTTP authentication before providing a response, the user name and password pair can be sent via the username and password options.
B. VB.:
It should just be a simple matter of sending a request to some resource in B with the username and password
I didn't test it, but it's definitely worth a try. Probably as long as the server authorized the client then it should not prompt it for credentials again, so that's worth a try.
The short answer is, you probably can't do this without introducing a common authentication / security token sharing etc. mechanism that involves the B backend.
Since B is probably a different origin, the Same Origin Policy will prevent you from making a request to B from a page that's served from A.
If you're able to change the B backend, you could make a JSONP request (i.e. not basic authentication via HTTP headers) to B from a page on A when the user logs in to A.
Also see http://en.wikipedia.org/wiki/Single_sign-on for inspiration for different solutions.
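The question also allows for "some Django code", and a request made by A's server is not subject to the Same Origin Policy that the last answer describes. The sketch below is an added example, not code from any of the posts: it sends the stored credentials in an `Authorization` header from the server side, so they never appear in a URL or in page JavaScript. The names `fetch_from_b` and `FakeB` and the account `alice` / `s3cret` are constructed for the demonstration, with `FakeB` standing in for site B on localhost.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

def basic_auth_header(username, password):
    """Authorization header value for HTTP Basic auth (base64, not encryption)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def fetch_from_b(url, username, password):
    """Server-side GET from A to B with credentials sent preemptively in the header."""
    parts = urlsplit(url)
    https = parts.scheme == "https"  # use https for a real B: Basic auth is cleartext
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=5)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("GET", path, headers={"Authorization": basic_auth_header(username, password)})
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()

class FakeB(BaseHTTPRequestHandler):
    """Constructed stand-in for site B; accepts only alice / s3cret."""
    def do_GET(self):
        ok = self.headers.get("Authorization") == basic_auth_header("alice", "s3cret")
        self.send_response(200 if ok else 401)
        if not ok:
            self.send_header("WWW-Authenticate", 'Basic realm="B"')
        self.end_headers()
        self.wfile.write(b"resource from B" if ok else b"denied")

    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Run FakeB on a free localhost port and fetch with good, then bad, credentials."""
    server = HTTPServer(("127.0.0.1", 0), FakeB)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/report"
    try:
        return [fetch_from_b(url, "alice", "s3cret"), fetch_from_b(url, "alice", "wrong")]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

In a Django view, the status and body returned by `fetch_from_b` would be relayed to the logged-in user, so the browser only ever talks to A.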