Part of our website is protected with .htaccess style password protection. When you try to access this area of the website the web browser pops up a dialog asking for your username and password.
我们网站的一部分受.htaccess风格的密码保护。当您尝试访问该网站的此区域时,Web浏览器会弹出一个对话框,询问您的用户名和密码。
I need to access this programatically (eg with an ajax call). How does the server tell me it needs a password and how do I supply it?
我需要以编程方式访问它(例如使用ajax调用)。服务器如何告诉我它需要密码以及如何提供密码?
4 个解决方案
#1
11
Basic HTTP authentication:
基本HTTP身份验证:
http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html
http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html
#2
4
jQuery supports HTTP authentication with their ajax() method. Something like this should work:
jQuery支持使用ajax()方法进行HTTP身份验证。像这样的东西应该工作:
jQuery.ajax({
type: "GET",
url: "foo.php",
username: "foo",
password: "bar"
});
Documentation on all jQuery.ajax() options can be found here: http://docs.jquery.com/Ajax/jQuery.ajax#options
有关所有jQuery.ajax()选项的文档可以在这里找到:http://docs.jquery.com/Ajax/jQuery.ajax#options
#3
3
In general, http://user:pass@example.com
通常,http:// user:pass@example.com
But there are some obvious security shortcomings with that.
但是这有一些明显的安全缺陷。
A more complete solution may be to set a Session variable after a user is authenticated.
更完整的解决方案可能是在用户通过身份验证后设置Session变量。
Make the AJAX post to a script that checks authentication. If authenticated, use CURL to fetch the results using a pre-defined authorized account.
将AJAX帖子发送到检查身份验证的脚本。如果已通过身份验证,请使用CURL使用预定义的授权帐户获取结果。
This allows you to re-use basic apache auth but prevents any passwords from being written in the DOM.
这允许您重用基本的apache auth,但可以防止在DOM中写入任何密码。
#4
2
this is of course not ajax, but with wget client you can use --http-user and --http-password flags
这当然不是ajax,但使用wget客户端,你可以使用--http-user和--http-password标志
#1
11
Basic HTTP authentication:
基本HTTP身份验证:
http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html
http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html
#2
4
jQuery supports HTTP authentication with their ajax() method. Something like this should work:
jQuery支持使用ajax()方法进行HTTP身份验证。像这样的东西应该工作:
jQuery.ajax({
type: "GET",
url: "foo.php",
username: "foo",
password: "bar"
});
Documentation on all jQuery.ajax() options can be found here: http://docs.jquery.com/Ajax/jQuery.ajax#options
有关所有jQuery.ajax()选项的文档可以在这里找到:http://docs.jquery.com/Ajax/jQuery.ajax#options
#3
3
In general, http://user:pass@example.com
通常,http:// user:pass@example.com
But there are some obvious security shortcomings with that.
但是这有一些明显的安全缺陷。
A more complete solution may be to set a Session variable after a user is authenticated.
更完整的解决方案可能是在用户通过身份验证后设置Session变量。
Make the AJAX post to a script that checks authentication. If authenticated, use CURL to fetch the results using a pre-defined authorized account.
将AJAX帖子发送到检查身份验证的脚本。如果已通过身份验证,请使用CURL使用预定义的授权帐户获取结果。
This allows you to re-use basic apache auth but prevents any passwords from being written in the DOM.
这允许您重用基本的apache auth,但可以防止在DOM中写入任何密码。
#4
2
this is of course not ajax, but with wget client you can use --http-user and --http-password flags
这当然不是ajax,但使用wget客户端,你可以使用--http-user和--http-password标志