there
i need to authenticate before request to the url, if i use XMLHTTPRequest, things go fine
var xmlHttp = ...//some code goes here
xmlHttp.Open('POST','http://www.somesite.com/',false,userID,password);
xmlHttp.Send(null);
But if i need to use a form, like below
>var objForm = eval(formString);
>objForm.target='demoFrame'; //where demoFrame is an iFrame in another page
>objForm.action='http://www.somesite.com/';
>objForm.username.value=userID;
>objForm.password.value=password;
>objForm.method='post';
>objForm.submit();
But seems that the objForm cannot use "username" & "password" as the input for authentication, since i keep receiving "authentication failed" message from the host site
Any idea?
Thanks
asked Jul 12, 2011 at 16:34
Leo.W
2991 gold badge7 silver badges21 bronze badges
1 Answer 1
I assume that the other site is using HTTP Basic authentication.
Set the action to 'http://' + userId + ':' + password + '@www.somesite.com/'
answered Jul 12, 2011 at 16:36
SLaks
891k182 gold badges1.9k silver badges2k bronze badges
Sign up to request clarification or add additional context in comments.
4 Comments
Leo.W
i've just try, but failed with no luck
mplungjan
I am pretty sure that is not a) possible in many browsers b) clever since it shows the userid and password in the url
Leo.W
Or is it possible that i use XMLHTTPRequest to open a page in an iframe? If i have to use XMLHTTPRequest to authenticate...
SLaks
@Leo: Depending on the site, that may be possible. Try it.
lang-js
evalin JavaScript so bad? Any user can run what ever JavaScript he wishes in a website anyway using FireBug or an equivalentevalcan allow an attacker to run Javascript on someone else's compute (if he can modify the string beingevald). It's also very slow.