stackoom
  简体   繁体   中英

Auto authenticate a htaccess (401) username password login

 原文  2014-01-22 17:39:37       javascript/ php/ android/ .htaccess/ authentication

Question

I have a webpage which refreshes every 5 minutes with client details. I have added a username password to it through the basic and standard htaccess and a htpassword file type login system it since part of the file contains company data.

But I need this same webpage to be opened at my work PC which is a secured PC connected to a display screen to display same.

On a power cut or a internet disconnection the PC has a startup file with a shortcut to this webpage so it appears automatically BUT stops from the 401 Authorization login form. So no go until I fill the details.

Is there a way I can keep a file with a php or a javascript or jquery code so it can feed the username password to that and open the webpage (even as a iframe)?

No need to worry about the safety of the file - the PC is locked in a cabinet with only a small set of holes for ventilation and for the display cable coming out to the monitor and another small hole to reach the power button.

If you know to do this on android let me know as well.

Found the answer!! See my post below!

2 answers

solution1
 5  2014-01-24 09:53:03

UPDATE: This answer may no longer work in newer browsers.

Because phishing people use @ and : marks in URL to hide URLs. For example in a URL like www.facebook.com:somelongtext@www.notfacebook.com user will oversee @notfacebook.com part and enter login details to a phishing webpage without noticing the latter. So now either this method will not simply work or either you will see a warning saying this URL maybe a phishing site. So even if it's a private webpage where only you have access to it browser will try its protective mechanisms.

Found the answer!

Can pass it from the URL itself!

http://username:password@www.yourdomain.com

and the content of the url gets hidden after as well Also global compatible as I know!

solution2
 1  2014-01-22 18:08:12

  1. Ditch htaccess/htpasswd
    It's OK for the most basic scenarios, but once you need to go beyond it [ie: your position right now] HTTP auth become a horrible pain in the ass.

  2. Use forms-based authentication
    It takes a little work, but this is probably one of the few things that every single PHP dev should know by heart.

  3. Whitelist your IP range, and use an access token
    You say you can't simply whitelist the IP because it's on DHCP, and that's fine. Find the range that your DHCP server is allocating [eg: 1.2.3.0/24] and configure your forms auth to allow unauthenticated requests when accompanied by a pre-set token.

    eg: requests from 1.2.3.4 are permitted when token is set to d8e8fca2dc0f896fd7cb4cb0031ba249 like:
    http://yourdomain.com/dir/script.php?token=d8e8fca2dc0f896fd7cb4cb0031ba249

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using JWT to send username, password to authenticate Auto fill webpage username password using Javascript jQuery - failing to submit username password and causing 401 unauthorized How to authenticate a username & password of the user without redirecting to another page? Authenticate on Azure AD with username and password in a Node.js web app getting error in the javascript ,when authenticate the username and password using digest authentication Check username and password in Login Form (jQuery) Enter username and password in login form on a webpage Adding toast in login when password or username is wrong auto login in webview returns blank page with the username
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM