I currently need to access an API that is set up in an staging environment on an Apache web server but the web server throws up a username/password dialog when browsing to the API url. Unfortunately I do not have access or control over the behavior of this web server.
Is it possible to programmatically send the username and password to an Apache web server?
You have ran into Basic Access Authentication. You just need to pass the username and password as part of the URL:
http://username:password#url.com/page.html
Use the following:
http://user:pass#domain.tld/path
Have you tried sending the Authorization header incorporating the base-64-encoded credentials as part of the HTTP request as described in the linked Wikipedia article?
Related
I am trying to request data from a uri in the form "https://link.sharepoint.com/sites/0001/_api/link" that requires to log in into your windows account to have access.
To test I started using Postman but can't figure out how to use Windows Auth for the request.
Thanks
Hi you should use NTLM authentication
Workstation is your computer hostname and domain is your domain used for windows authetication you can see it in internet explore when authentication pop up comes up
In username passord fields provide the credential you use for login to system
I've got two websites on iis website A and webiste B. They are running as identity UserA and UserB both local windows users.
I sent request from website A to website B. I want to authorize is request send by UserA. Can use windows authentication to do that?
I sent request from website A to website B.
Could you please tell me how you send the request from website A to B? Using hyperlink or httprequest library?
As far as I know, if you send the request from website A to website B by using httprequest library it will not auto add the user if you don't write special codes to add the username and password.
If you have enable the windows authentication in the website B, you should firstly write the codes to add the user name and password or auth token in web site A when sending request. Then you could get the user name according to the request.
If you have enabled the SSO for windows auth, you could get the username according to the current token.
About how to enable the SSO, you could refer to below article.
https://active-directory-wp.com/docs/Networking/Single_Sign_On/SSO_with_IIS_on_Windows.html
I'd like to know how to authenticate users in Lotus Domino 8.5.3 through Domino Data Service REST API.
I can see in the documentation the "Request header value for authorization", and it says:
Other headers may be required for authorization depending on the
security imposed by the Domino server.
I haven't found information about the "other headers". Anybody knows how to authenticate? Should we create a cookie and send it in every request header?
Domino supports three forms of authentication:
Basic authentication (header-based)
Session authentication (cookie-based)
Certificate authentication (X.509-based)
You can distinguish them by attempting to open a protected database on the server in your browser. If you get a built-in dialog box from your browser asking for name and password, it's basic. If you get an actual web page in the browser asking for name and password, it's session. If you get challenged by a dialog asking for you to select a certificate from your browser's key store, it's certificate. (Of course, you can also fire up the Domino Administrator client and just look at the relevant configuration documents for the server to figure this out.)
For Basic authentication, every request you send must included a header as described here.
For session authentication, you will need to send a cookie. There are actually two different cookie formats, depending on whether the Domino server has been set up for single server or multi-server (SSO) session authentication. To get the value of the cookie, you will need to emulate an actual user login by POSTing a form containing the name and password, and reading the cookie value that is returned after your successful POST. (You can get the details of the form that you have to POST by studying the HTML that is returned to you in a browser when you attempt to log on manually.)
For certificate authentication, well... that's probably too complex a topic to address here.
In the section "Specifying request headers" of the "Domino Data Service User Guide and Reference" they mention the http header "Authorization":
Authorization username:password (must be encoded)
It says "must be encoded" but don't mention what kind of enconding. It's Base64 encoding and you can use in javascript atob() and btoa() functions to encode and decode.
If you user is "john" and you password is "p455w0rd", you must encode the string "john:p455w0rd" (include the colon, and you can do that with: btoa("john:p455w0rd") ) and add "Basic" as a prefix if your authentication is basic:
Authorization:Basic am9objpwNDU1dzByZA==
That's it.
We have OSB services that are currently secured with a username and a password. I get a 401 unauthorized when attempting to generate a service proxy using svcutil. I know you need to set up a svcutil.exe.config file but I cannot find any examples except for one that passes a certificate.
Dows anyone know how to send a username and password using svcutil?
I don't think you can do that.
What you can do in this case is either connect to that address in a browser and just download and save the WSDL file to your local disk and call svcutil.exe on that local copy - or ask the publisher of that webservice to either give you an URL which doesn't require authentication, or to simply send you the relevant WSDL and possibly XSD files so you can create a client side proxy for that service.
You can't authenticate in svcutil, but you can set up credentials in Windows for the target machine. Go to your account management page, then to your stored credentials. Add a new entry with the target hostname and credentials. After this, you can use svcutil with the URL.
Try this. This should work with any web page requiring username and password.
svcutil http://user:password#someurl?wsdl
I am working on a site where users can login to get more private information.
My client has another site else where that uses nt authentication for accessing it.
What they want to do is have a button on the site I am working on under the private area that will send them to the nt authenticated site, but not require them to log on to that site instead passing the username and password that they used to log into my site to the other site for them.
Is it possible to do this? and how would I accomplish it? Is there a better way to do this?
Here's an (untested) theory, the details of which will greatly depend on what types of authentication the Sharepoint site will accept. I'll tackle Basic, since it's the easiest.
You'll write out some JavaScript that uses XMLHttpRequest to submit a request to the Sharepoint site, and add their username and password to the request headers. Their browser will run that JavaScript, and get logged into the Sharepoint site.
Now, when they click the link, the client's browser should have the cached credentials to send to the Sharepoint site.
Possible issues:
XMLHttpRequest does not allow cross domain auth
Browser and XHR don't share auth info
Sharepoint and XHR can't agree on auth method
Another option is to proxy the connection to Sharepoint, which allows you to login server side (bypassing XHR limitations and browser security) - but requiring load on your server and possibly some URL target issues.
How will the other site validate your username and password?
Ideally your site shouldn't even be remembering the user's password to be able to pass it to another site (you store hashes of the password, not the password itself, and only use the actually password during validation).
What if your site provided a token to the user, who presents that token to the new site, which in turn asks your site to validate the token. Basically the second site is trusting you to tell them who the user is.
This all breaks down if the second site is actually using the Windows accounts for anything other than just retrieving a user name (for example permissions on the underlying file), since the user is not logged on as the actual Windows user account in this scenario.
If you need to authenticate against the second site, you may need to spawn a new thread and call the windows LogonUser API. Once you have the security token, assign it to the new thread and do your connection via that thread.
LogonUser requires enhanced privileges, and isn't Managed code, so there are some pretty severe hiccups to using it. But that's been the only work around I've been able to find to get a Forms authenticated site talking to a Windows Authenticated Service/Site.
Hope this helps.
Is this an intranet environment? If so they shouldn't have to login anyways. If sharepoint is setup using "Integrated Authentication" and the site is listed as a trusted site in IE, the browser will use there network cred for auto login. This can be setup on firefox as well.
Your users will not be able to connect to the NTLM site directly without getting an NTLM challenge. I would write what would effectively be a proxy to the NTLM site; i.e your server-side code will have credentials to connect to the NTLM site, and it passes through the requests from your users.
As you mention it's SharePoint (spit) bear in mind that SharePoint has a bunch of Web Services you could use for this (rather than doing screen-scraping).