From Basic Authentication to Form-Based Authentication

Hi,

I need to change an application that uses Basic Authentication to use
Form-Based Authentication. This is simple to do and is done.

Right, but I now have a possible problem whereby some users who have
saved their username and password using the check box option on the
Basic Authentication window will not be able to enter the application.
This is because their passwords were auto-generated to something that
wasn't easy to remember and thus they've now forgotten it. They had
that check-box checked all the time so they didn't need to remember.

Is it possible for the new Form-Based Authentication to pick up the
username and password and populate these fields on the form just like
the Basic Authentication did? Where does the browser store this info?

Any help is greatly appreciated,
Dom

Dom <dominic.marmion@which.co.uk> wrote:
> I need to change an application that uses Basic Authentication to use
> Form-Based Authentication. This is simple to do and is done.
>
[...]
>
> Is it possible for the new Form-Based Authentication to pick up the
> username and password and populate these fields on the form just like
> the Basic Authentication did? Where does the browser store this info?

This depends on the browser, AFAIK.

You now have several options:
1. Accept that users cannot access their password. The easiest solution
is to change their password (if it's stored as a hash) and send it to
them.
2. Create a small website (1 page) using basic authentication where all
users can login. The page does nothing but show the username and
password. This is possible, because the request contains a header
"Authentication", containing the String "Basic" followed by a
base64-encoded string containing username + ':' + password.


--
Oscar Kind                                    http://home.hccnet.nl/okind/
Software Developer                    for contact information, see website

PGP Key fingerprint:    91F3 6C72 F465 5E98 C246  61D9 2C32 8E24 097B B4E2