tags:

views:

422

answers:

2
Q: 

[HTTP Basic Auth] Is there a way to force the browser to always pass the Authorization header if credential is already available?

Using Basic Authentication, if the user has already logged in, the browser will include the username/password in the http request in the succeeding http requests ONLY IF it receives a 401 response containing an authentication challenge. Username/password is passed via Authorization header.

Is there a way to force the browser to always include the Authorization header once the user has logged in?

The reason I'm asking for this is that I have a CGI application (separate from the main CGI app that serves my dynamic pages) that should use the Authorization info if present but should not prompt for it if it's not present.

Thanks.

A: 

if the user has already logged in, the browser will include the username/password in the http request in the succeeding http requests ONLY IF it receives a 401 response containing an authentication challenge

This is not the behaviour I see in web browsers; once the browser has received a 401, it always includes the authorization after that. Can you perhaps provide more detail on how to reproduce the problem?

Curt Sampson  2009-05-23 05:23:25
That's actually what I was asking for. The browser would have to receive a 401 response first before it provides the authorization header. I'm asking for a way to have the authorization header included even if the browser hasn't received a 401 response.
teriz  2009-05-23 05:26:12
I see. That's a bit of a tricky problem. Can you tell us what problem would be solved by making this happen, and perhaps we can attack it from another direction?
Curt Sampson  2009-05-23 08:47:17
A: 

One solution would be to expose one handler of your CGI app, that would generate an HTML page that would do an AJAX call, prompting the 401 that would then be responded to by the browser. Would that make sense?

 2009-05-27 08:44:46

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.