tags:

views:

90

answers:

2
Q: 

How can I automatically answer a password prompt from an embedded item in an (X)HMTL page?

I have written a web page that displays images from several servers on my network via simple img tags with appropriate href values. The servers require authentication before they will send the images.

It works alright, except on first load the page presents the user with a series of password prompts (one for each server). The user can select the "Remember my password" checkbox, and then subsequent refreshes of the page work without prompting, with correctly updated images. That is, until someone closes out the browser, after which a new set of prompts awaits anyone who opens the page again.

All of the credentials needed are known beforehand, and I don't care if someone could read them in the page source, since this page is in a protected part of an internal intranet site. Everyone with access to this page knows the passwords anyway.

The only browser we're allowed to use is IE 7, so I don't care about compatibility with other browsers at the moment.

Is there any way I can use JavaScript (or some other client-side code) to automatically answer those prompts so the user never sees them?

Thanks very much, in advance.

A: 

You can include the authentication in the URL:

<img src="http://paulfisher:tastybacon@internalwebs/path/to/image.png"&gt;

Where, of course, paulfisher is my username and my password is tastybacon.

Paul Fisher  2009-08-19 16:40:31
That stopped working a couple of years ago. It was deemed a security hole.
David  2009-08-19 16:42:48
@David is referring to this: http://support.microsoft.com/kb/834489
Crescent Fresh  2009-08-19 16:56:41
bacon *is indeed* tasty.
Peter Bailey  2009-08-19 17:02:17
A: 

No, javascript can't do this. Here are a couple of options that I've used before to solve this problem:

  1. Change the authentication on the other servers to be either anonymous or integrated.
  2. Proxy in the images: On the server serving the page, add another page that takes in the URL of the remote server. This new page makes a webrequest to the other server and streams the image back. The webrequest can plug in the correct credentials.
  3. Depending on the servers' DNS names, it might be possible to share an authentication cookie across all of the servers. Then you could set up some kind of module on all of the servers to allow the shared authentication.
David  2009-08-19 16:48:23
Thanks for your suggestions.Sadly, my own page is all I really have control over in this scenario. I can't change the behavior of any of the servers, which is why I'm relying on client-side code.Thanks for the idea of the WebRequest, though. I'll play with that and see what I can come up with.
 2009-08-19 22:18:44

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?