2 Replies Latest reply on Feb 21, 2007 6:59 AM by insuractive

    Passing Basic Authentication Variables

    inetrc
      I am trying to redirect the user from one of our servers to another that user basic authentication. Can anyone give me guidance on how I can pass the authentication header to the redirected page so I don't have to have the user login again when redirected to that server? I already have the users name and password and can successfully use CFHTTP to get the authenticated page on the other server. But how do I redirect them there now without having the basic-authentication login box pop up again?

      Thank you!

      -Alex
        • 1. Re: Passing Basic Authentication Variables
          Level 7
          >I am trying to redirect the user from one of our servers to another that
          >user
          > basic authentication. Can anyone give me guidance on how I can pass the
          > authentication header to the redirected page so I don't have to have the
          > user
          > login again when redirected to that server? I already have the users name
          > and
          > password and can successfully use CFHTTP to get the authenticated page on
          > the
          > other server. But how do I redirect them there now without having the
          > basic-authentication login box pop up again?

          The easiest way I can think of is to create a page that takes the
          information and places it in a form with the action set to the page that
          processes the login on the other server. Then use some js to "auto-submit"
          the form on page load.


          --
          Bryan Ashcraft (remove brain to reply)
          Web Application Developer
          Wright Medical Technology, Inc.
          ------------------------------------------------------------------
          Macromedia Certified Dreamweaver Developer
          Adobe Community Expert (DW) :: http://www.adobe.com/communities/experts/


          • 2. Re: Passing Basic Authentication Variables
            insuractive Level 3
            Bash's idea is the way to go - The problem with using CFHTTP is it doesn't set the CF session cookie on the client's machine, which is what the other server would use to determine what session to associate the user with. No session = no login. Sending the data via a hidden form, however, would work since you are basically just redirecting the client to the other server and letting the other server validate as usual.