问题
I have to transfer my client from one website to another website. This happens in client side. In this 2nd website, its using windows basic authentication system. So It popups the login window. I need to omit this Popup window and authenticate my client on 2nd website using javascript and then redirect him to 2nd website. There is no security issue even I put credentials in javascript file since this whole system is running in Intranet. So How to authenticate client on 2nd website ?
I found this thread How can I pass windows authentication to webservice using jQuery?
But it does not work. When I look the request header of 2nd url, It does not contain the Authorization tag.
回答1:
If it is basic authentication and you don't mind exposing the credential, why don't you simply insert username and password into the URL? For example:
http://username:password@www.domain.com
But if you have control over the Web server, you really should disable authentication for intranet connections.
回答2:
If it is a Windows based intranet, I would not hassle with Javascript, but use the default NTLM-Authentication, as described in this thread. That way, you can provide a single-sign-on for any number of sites with the normal username and password of the users of your network. To quote my answer from the other thread:
It actually is possible with NTLM authentication. You need the AuthenNTLM-plugin, which will authenticate a user using the Internet Explorer. An example syntax would be
<Location />
PerlAuthenHandler Apache::AuthenNTLM
AuthType ntlm,basic
AuthName test
require valid-user
# domain pdc bdc
PerlAddVar ntdomain "name_domain1 name_of_pdc1"
PerlAddVar ntdomain "other_domain pdc_for_domain bdc_for_domain"
PerlSetVar defaultdomain wingr1
PerlSetVar ntlmdebug 1
</Location>
## taken from the documentation
Please refer to the module documentation for more options and specific instructions on the setup - the above should get you started in the right direction.
On the client side, Internet Explorer and Firefox should be able to login automatically after some configuration (Firefox needing a bit of special care - which may be achieved by setting the configuration variables during deployment).
回答3:
If this is Windows Authentication, then the response won't be prompting the client for credentials, the browser will be attempting to pass the credentials itself already. It does not quite work the way HTTP does -- you actually need to configure the browser itself to to have it send the authorization based on Windows credentials.
It does not appear that there is a simple JS solution to this at all.
来源:https://stackoverflow.com/questions/38305071/is-it-possible-to-authenticate-javascript-username-password-with-active-director