Re: Authentication between sites

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 03/22/04 

Date: Sun, 21 Mar 2004 21:45:58 -0600

the header is authorization and value is:
Basic xxxxx

where xxxxx is the Base64 encoded value of the username/password combo, with
the username and password separated by a : character.

I'm not sure if the Base64 encoding is ASCII, UTF8 or UTF16, but I assume it
is one of the first two.

Joe K.

"Paul Glavich [MVP - ASP.NET]" <glav@aspalliance.com-NOSPAM> wrote in
message news:eDeiZ2kDEHA.3664@TK2MSFTNGP10.phx.gbl...
> Basic authentication means that the users credentials are sent in clear
text
> as part of the Http Header. So you could "fake it" by simply inserting
those
> credentials into the Http header, ensuring you have the name-value pair
> matched correctly.
>
> I can't remember off the top of my head what the http header must be
called
> exactly (ie. User or Username) nor the password, but a bit of sniffing
with
> Network Monitor or TCP trace will show you what you need to emulate
> (obviously enable basic auth on a local site and look at the packets when
> you authenticate).
>
> Network monitor is part of the Win2000/2003 Server install but you I am
sure
> you could find it elsewhere and it works fine under other OS's like XP.
You
> do have to add a Network monitor driver to your Network cards driver list
> though.
>
> TCP trace is also good and you can get that here
> http://www.pocketsoap.com/tcptrace/
>
> - Paul Glavich
>
> "Eric Zechman" <zechmane@-NOSPAM-grangeinsurance.com> wrote in message
> news:ewGBFcGDEHA.2576@TK2MSFTNGP11.phx.gbl...
> > I have two sites one and ASP.net site (that I own) and an other asp site
> (that is an other departments). Our users have already logged into my
site,
> they want to see a report on the other site. That other site is using
basic
> authentication, so everytime they go to view that report, it asks them to
> log in again. Is there any way that I can "fake" the log in, or set
> something in the browser to aviod this additional log in? I already know
> who they are to begin with.
> >
> > ---
> > Posted using Wimdows.net NntpNews Component -
> >
> > Post Made from http://www.DotNetJunkies.com/newsgroups Our newsgroup
> engine supports Post Alerts, Ratings, and Searching.
>
>

Relevant Pages

  • OTP with SOAP messages and swing client
    ... At the moment we use a dodgy WS-Security header with username and base64 encoded password in the soap header. ... User requests OTP via some mechanism where they provide username/password, server creates a nonce and a secret and sends it to their pre-configured mobile number via SMS ...
    (Security-Basics)
  • How to extract the NT username from NTLM message?
    ... NT username from the "Authirization:" header that is sent from the ... I configured IIS to use Windows Authentication and disabled ... anonymous access in order to force the client send its credentials. ...
    (microsoft.public.dotnet.framework)
  • Re: .NET WS client connecting to Axis WS - credentials problem
    ... Axis developer said that the blank username was appearing in the http header, ... it sets the credentials when Basic authentication or Windows ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: How to add username and password to a Web Service
    ... username and password. ... Is there a reason why putting username and ... If your web service has more than one operation which has to be secured by ... then putting it in the header keeps them out of the ...
    (microsoft.public.dotnet.framework.webservices)