如何以编程方式访问受密码保护的网站?

时间:2021-04-19 23:59:20

Part of our website is protected with .htaccess style password protection. When you try to access this area of the website the web browser pops up a dialog asking for your username and password.

我们网站的一部分受.htaccess风格的密码保护。当您尝试访问该网站的此区域时,Web浏览器会弹出一个对话框,询问您的用户名和密码。

I need to access this programatically (eg with an ajax call). How does the server tell me it needs a password and how do I supply it?

我需要以编程方式访问它(例如使用ajax调用)。服务器如何告诉我它需要密码以及如何提供密码?

4 个解决方案

#1


11  

Basic HTTP authentication:

基本HTTP身份验证:

http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html

http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html

#2


4  

jQuery supports HTTP authentication with their ajax() method. Something like this should work:

jQuery支持使用ajax()方法进行HTTP身份验证。像这样的东西应该工作:

jQuery.ajax({
    type: "GET",
    url: "foo.php",
    username: "foo",
    password: "bar"
});

Documentation on all jQuery.ajax() options can be found here: http://docs.jquery.com/Ajax/jQuery.ajax#options

有关所有jQuery.ajax()选项的文档可以在这里找到:http://docs.jquery.com/Ajax/jQuery.ajax#options

#3


3  

In general, http://user:pass@example.com

通常,http:// user:pass@example.com

But there are some obvious security shortcomings with that.

但是这有一些明显的安全缺陷。

A more complete solution may be to set a Session variable after a user is authenticated.

更完整的解决方案可能是在用户通过身份验证后设置Session变量。

Make the AJAX post to a script that checks authentication. If authenticated, use CURL to fetch the results using a pre-defined authorized account.

将AJAX帖子发送到检查身份验证的脚本。如果已通过身份验证,请使用CURL使用预定义的授权帐户获取结果。

This allows you to re-use basic apache auth but prevents any passwords from being written in the DOM.

这允许您重用基本的apache auth,但可以防止在DOM中写入任何密码。

#4


2  

this is of course not ajax, but with wget client you can use --http-user and --http-password flags

这当然不是ajax,但使用wget客户端,你可以使用--http-user和--http-password标志

#1


11  

Basic HTTP authentication:

基本HTTP身份验证:

http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html

http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html

#2


4  

jQuery supports HTTP authentication with their ajax() method. Something like this should work:

jQuery支持使用ajax()方法进行HTTP身份验证。像这样的东西应该工作:

jQuery.ajax({
    type: "GET",
    url: "foo.php",
    username: "foo",
    password: "bar"
});

Documentation on all jQuery.ajax() options can be found here: http://docs.jquery.com/Ajax/jQuery.ajax#options

有关所有jQuery.ajax()选项的文档可以在这里找到:http://docs.jquery.com/Ajax/jQuery.ajax#options

#3


3  

In general, http://user:pass@example.com

通常,http:// user:pass@example.com

But there are some obvious security shortcomings with that.

但是这有一些明显的安全缺陷。

A more complete solution may be to set a Session variable after a user is authenticated.

更完整的解决方案可能是在用户通过身份验证后设置Session变量。

Make the AJAX post to a script that checks authentication. If authenticated, use CURL to fetch the results using a pre-defined authorized account.

将AJAX帖子发送到检查身份验证的脚本。如果已通过身份验证,请使用CURL使用预定义的授权帐户获取结果。

This allows you to re-use basic apache auth but prevents any passwords from being written in the DOM.

这允许您重用基本的apache auth,但可以防止在DOM中写入任何密码。

#4


2  

this is of course not ajax, but with wget client you can use --http-user and --http-password flags

这当然不是ajax,但使用wget客户端,你可以使用--http-user和--http-password标志