Basic Authentication

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • =?Utf-8?B?d2NtY2FsaXN0ZXI=?=
    #1

    Basic Authentication

    Hello all,

    I have a c# web application that is supposed to redirect the user to another
    website that is basically a black box to me. All I know is that it uses
    basic authentication and that when you go to the default page, an
    authentication window pops up for you to enter the login and password. In
    this case, I know the username and password for the application and little
    else.

    Our original solution was to simply redirect to the website using this format:
    Response.Redire ct("http://username:passwo rd@www.url.com" );

    This worked fine for awhile, but now IE is no longer allowing this because
    it is really insecure (really!).

    I have found a few places that indicate that I can add headers to the
    response with Base64 encoded loginID and passwords. This doesn't seem to be
    working at all for me. It's like I'm not passing anything at all.

    Does anyone out there have any ideas?

    Thanks,
    Bill

    PS, I know that basic authentication is really insecure. Unfortunately,
    this isn't my application and I can't rewrite it.

    Tags: None
    • parez
      #2
      Re: Basic Authentication

      On Jun 10, 4:22 pm, wcmcalister
      <wcmcalis...@di scussions.micro soft.comwrote:
      Hello all,
      >
      I have a c# web application that is supposed to redirect the user to another
      website that is basically a black box to me. All I know is that it uses
      basic authentication and that when you go to the default page, an
      authentication window pops up for you to enter the login and password. In
      this case, I know the username and password for the application and little
      else.
      >
      Our original solution was to simply redirect to the website using this format:
      Response.Redire ct("http://username:passw. ..@www.url.com" );
      You could a try a server.transer.
      This worked fine for awhile, but now IE is no longer allowing this because
      it is really insecure (really!).
      >
      I have found a few places that indicate that I can add headers to the
      response with Base64 encoded loginID and passwords. This doesn't seem to be
      working at all for me. It's like I'm not passing anything at all.
      I dont think the headers idea would work because your client would
      have to initial the request.
      Does anyone out there have any ideas?
      >
      Thanks,
      Bill
      >
      PS, I know that basic authentication is really insecure. Unfortunately,
      this isn't my application and I can't rewrite it.

        Comment

        • =?Utf-8?B?TXVkYXNzYXIgSGFzc2Fu?=
          #3
          Re: Basic Authentication


          Cookies can solve you problem, excryspt username and password and place them
          in in cookies and pass some reference to the client, the client then using
          this reference will access the cookie and then decrypt the login credential
          for verification.

          Regards,
          Mudassar Hassan
          Microsoft Dynamics Blog
          http://mudassarhassan.spaces.live.com/
          Technical endeavors to Microsoft Dynamics 365, Dynamics CRM, Azure and SharePoint



          "parez" wrote:
          On Jun 10, 4:22 pm, wcmcalister
          <wcmcalis...@di scussions.micro soft.comwrote:
          Hello all,

          I have a c# web application that is supposed to redirect the user to another
          website that is basically a black box to me. All I know is that it uses
          basic authentication and that when you go to the default page, an
          authentication window pops up for you to enter the login and password. In
          this case, I know the username and password for the application and little
          else.

          Our original solution was to simply redirect to the website using this format:
          Response.Redire ct("http://username:passw. ..@www.url.com" );
          >
          You could a try a server.transer.
          >
          This worked fine for awhile, but now IE is no longer allowing this because
          it is really insecure (really!).

          I have found a few places that indicate that I can add headers to the
          response with Base64 encoded loginID and passwords. This doesn't seem to be
          working at all for me. It's like I'm not passing anything at all.
          >
          I dont think the headers idea would work because your client would
          have to initial the request.
          >
          Does anyone out there have any ideas?

          Thanks,
          Bill

          PS, I know that basic authentication is really insecure. Unfortunately,
          this isn't my application and I can't rewrite it.
          >
          >

            Comment

            Previous template Next
            Working...