From Basic Authentication to Form-Based Authentication
Dom

2004-10-15, 8:56 pm

Hi,

I need to change an application that uses Basic Authentication to use
Form-Based Authentication. This is simple to do and is done.

Right, but I now have a possible problem whereby some users who have
saved their username and password using the check box option on the
Basic Authentication window will not be able to enter the application.
This is because their passwords were auto-generated to something that
wasn't easy to remember and thus they've now forgotten it. They had
that check-box checked all the time so they didn't need to remember.

Is it possible for the new Form-Based Authentication to pick up the
username and password and populate these fields on the form just like
the Basic Authentication did? Where does the browser store this info?

Any help is greatly appreciated,
Dom
Oscar Kind

2004-10-16, 3:56 am

Dom <dominic.marmion@which.co.uk> wrote:
> I need to change an application that uses Basic Authentication to use
> Form-Based Authentication. This is simple to do and is done.
>

[...]
>
> Is it possible for the new Form-Based Authentication to pick up the
> username and password and populate these fields on the form just like
> the Basic Authentication did? Where does the browser store this info?


This depends on the browser, AFAIK.

You now have several options:
1. Accept that users cannot access their password. The easiest solution
is to change their password (if it's stored as a hash) and send it to
them.
2. Create a small website (1 page) using basic authentication where all
users can log in. The page does nothing but show the username and
password. This is possible, because the request contains a header
"Authentication", containing the String "Basic" followed by a
base64-encoded string containing username + ':' + password.


--
Oscar Kind http://home.hccnet.nl/okind/
Software Developer for contact information, see website

PGP Key fingerprint: 91F3 6C72 F465 5E98 C246 61D9 2C32 8E24 097B B4E2
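
The decoding that option 2 relies on, as an added example that is not part of the original post: a parser for the Basic credentials a browser sends, which HTTP carries in the `Authorization` request header (in a servlet, the value of `request.getHeader("Authorization")`). The class name, the sample credentials and the UTF-8 charset are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class BasicCredentials {
    final String username;
    final String password;

    private BasicCredentials(String username, String password) {
        this.username = username;
        this.password = password;
    }

    /** Parses an Authorization header value; empty if it is not well-formed Basic credentials. */
    static Optional<BasicCredentials> parse(String headerValue) {
        if (headerValue == null) return Optional.empty();
        String[] parts = headerValue.trim().split("\\s+", 2);
        // The scheme name is case-insensitive ("Basic", "basic", ...).
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return Optional.empty();
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // payload is not valid base64
        }
        // Assumption: UTF-8. Browsers differ (ISO-8859-1 vs UTF-8) for non-ASCII passwords.
        String decoded = new String(raw, StandardCharsets.UTF_8);
        // Split on the FIRST colon only: a username cannot contain ':', a password can.
        int colon = decoded.indexOf(':');
        if (colon < 0) return Optional.empty();
        return Optional.of(new BasicCredentials(
                decoded.substring(0, colon), decoded.substring(colon + 1)));
    }

    public static void main(String[] args) {
        // Constructed sample: an auto-generated style password that itself contains ':'.
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:Xq7:pL2z".getBytes(StandardCharsets.UTF_8));
        BasicCredentials c = parse(header).orElseThrow(IllegalStateException::new);
        System.out.println(header + " -> user=" + c.username + " password=" + c.password);
        // Malformed inputs the page must reject rather than echo back.
        System.out.println(parse("Digest abc").isPresent()); // wrong scheme
        System.out.println(parse("Basic !!!").isPresent());  // not base64
        System.out.println(parse("Basic ZG9t").isPresent()); // decodes to "dom", no colon
    }
}
```

Base64 is an encoding, not encryption, so the same recovery is available to anything that can read the request; the one-page site should be served only over TLS and taken down once users have migrated.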
Copyright 2008 codecomments.com