views:

55

answers:

3

At http://localhost/tmp/ I have a form that asks for the user and password (authentication). After the user posts (hits OK) I want to redirect the user to http://localhost/test/ which uses Apache's Basic AuthType. Happens that the user and password just typed in the form are exactly the credentials to authenticate at http://localhost/test/ What I want is the solution so that the user is not asked for the password in the second address. So far I was able to pass the 'Authorization: Basic "base64_encoded user and password"' with CURL (using GET), and get the response I want (contents of test/index.html, for example). However, that's curl getting the info instead of my browser redirecting there with preauthorization. That is, if I type http://localhost/test/ in the address bar it asks for the password again. Any ideas? Any clarification needed?

A: 

Could you simply set the form submit location to the redirect destionation http://localhost/test/ and take care fo the authentication here?

As an aside, Fiddler is a great tool for debugging this sort of thing

Chris Ballance
No because test/ uses webdav, so I want to pre-authenticate at tmp/ (to do some other stuff) and have test/ already accessible at the time of redirection.
Eduardo
+1  A: 

The problem is that the authorization state is maintained in the browser, and there's no real way to tell the browser it's authorized.

Most systems rely on a Cookie system, but BASIC/DIGEST HTTP AUTH are HTTP headers. So, only the browser can set those.

I should say, for normal every day requests -- you might (I'm not sure) be able to set the headers in an XHR.

Will Hartung
A: 

Will's answer points you in the right direction.

In IE at least, it works to send an XHR request (to some throwaway page) with the Username/Password parameters (in the Open() call) set. Doing that will cache this username and password internally for the browser session, and so when you subsequently visit other pages on the server, the authentication SHOULD automatically happen for those pages.

I can't say if this trick works in other browsers or not.

EricLaw -MSFT-