Re: How to pass user credentials to IE
- From: "David Wang" <w3.4you@xxxxxxxxx>
- Date: 16 Apr 2007 03:00:33 -0700
On Apr 15, 9:27 pm, k...@xxxxxxxxxx wrote:
On Apr 14, 6:43 am, "David Wang" <w3.4...@xxxxxxxxx> wrote:
No longer possible for IE to automatically pass server-configured
username:password back to the server. That was deemed a security
vulnerability a few years ago and disallowed on IE with a security
patch and RegKey control.
You can try creating a vdir pointing to your Web application on IIS
with only Anonymous authentication enabled and set the Anonymous user
to be the specific user credential your application needs. Then make
your application call this vdir instead. This allows any anonymous
user to access your Web application, which may/not be what you want.
Basically, you need a custom "many-to-one" authentication mapping, and
since IIS does not come with any modules supporting it by default (but
it can and has been built by others), you have to implement it
somewhere on IIS. IIS only supports any-to-one (Anonymous) and one-to-
one (all other authentication protocols).
On Apr 13, 1:15 am, k...@xxxxxxxxxx wrote:
My application needs to call a IIS web based application that requires
Windows based authentication. The user credentials that our
application will use is not the same as the user logged onto the
workstation. When calling the web page, IE prompts for a user ID and
password. I would like to know how I can pass the user credentials to
IE to avoid the browser prompt. My application is a Windows client
Thanks- Hide quoted text -
- Show quoted text -
My problem is the web application that I need to logon to is a third
party application which I don't have control over it. The credentials
are provided by the users and I just use it to logon to the web
application. Also the anonymous logon is not the way we want.
I thought it has been a few years now so there might be some way to
get around this.
Kanes- Hide quoted text -
- Show quoted text -
It doesn't matter how long you wait. What you want is for the browser
to auto-authenticate with a user account of your choosing, and that
will likely never happen.
It used to be possible for the web application to pass
username:password on the URL, but that turned out to be a security
vulnerability as well.
In your situation, there is no way to avoid users having to type in
the additional password unless you have the application either accept
pass-thru authentication or do some sort of many-to-one mapping
yourself. It's just not secure to have it happen "automagically", so I
wouldn't hold my breath waiting.