Do not ask for credentials if user is not authenticated

Asked

Viewed 181 times

9

I have a system with two sites in the same domain. The two sites are in separate folders of the same domain, more or less like this:

http://renan/foo
http://renan/bar

The first site (let’s call it "foo") has a page that accesses data from the other site ("bar") via Ajax. When the user is logged in to both, everything happens as wish. But when the user is logged in only at foo, the browser shows a prompt asking for username and password. Authentication is done via Active Directory and not all users of each site should have access to each other.

I would like it in case the user is logged in to foo nas not in bar, the login prompt did not appear. I wanted to treat it as an error. Is there any way to verify that the system would ask for authentication and prevent the prompt from appearing?

Follow a snippet of the code I’m using for requisition:

$.ajax({
    headers: {
        "accept": "application/json;odata=verbose",
        "content-type": "application/json;odata=verbose"
    },
    type: "GET",
    url: "http://renan/bar/baz",
    beforeSend: function (xhr) {
        xhr.withCredentials = true;
    }
})
javascript ajax

  • Just to clarify: this login prompt is native to the browser (pq vc is using basic HTTP authentication) or is something specific to your website?

  • @hugomg is native to browser.

  • This is a bit tricky, but if when the user logs in, try to log in to both sites, it is not easier to silence the error answer in case he does not have authorization to log in to a site?

  • @Manuelgerardopereira is what I’m trying to do and I don’t know how.

  • Have you tried inspecting the server request headers? You can toggle the response (by issuing an HTTP error status as 500) accordingly.

  • @bfavaretto I do not control the application for which I will request, so I have no way to manipulate the headers of the answer :\

  • What about a HEAD request to find out if you’re authenticated? Then don’t proceed if you’re not.

  • I’m gonna try, thanks :)

  • That HEAD thing worked?

  • @Daniel I no longer have the environment to test =(

  • 1

    @Daniel however, I found a similar question in the OS: https://stackoverflow.com/questions/26545126/ithit-ajax-file-browser-active-directory-webdav-auto-login

Show 6 more comments

2 answers

4

I’ve had similar problems...

Unfortunately after long lost searching for a solution, I came to the conclusion that I had nothing to do because - in my case - it is a windows authentication, managed by the application pool.

I had the option to change the whole login mechanism and make my applications manage the authentication - whether by cookie, bank, etc. But since time was short, I decided to put the applications in the same pool.

4

Maybe you can intercept the message with the done jquery ajax method, as follows:

$.ajax({
    headers: {
        "accept": "application/json;odata=verbose",
        "content-type": "application/json;odata=verbose"
    },
    type: "GET",
    url: "http://renan/bar/baz",
    beforeSend: function (xhr) {
        xhr.withCredentials = true;
    }
}).done(function (data) {
    // avoid response and use your own behavior
}).error(function (xhr) {
    // Treat the error.
});

  • I’m already trying this = it asks for credentials before executing these methods. Authenticating falls on done, otherwise falls into fail.

Browser other questions tagged javascript ajax

You are not signed in. Login or sign up in order to post.