RTC Forums
May 05, 2024, 09:02:25 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
   Home   Help Login Register  
RTC Forums > Subscription > Support > Username and Password from URL
Pages: [1]
« previous next »
  Print  
Author Topic: Username and Password from URL  (Read 3914 times)
usernametaken
RTC Expired
*
Posts: 6
« on: July 20, 2017, 09:12:27 AM »
Is there any way in RTC to read the username and password on the server if it is passed in the URL?

http://username:password@myurl.com/
        =================
//         /\
//         ||
// I need this part

I googled around and it is supposed to be in the
request headers 'authorization' but I don't see it in the  is not in the request.HeaderText... I also don't see it in the Request Headers on the browser (chrome)  debug
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881
« Reply #1 on: July 20, 2017, 01:11:43 PM »
According to the info I've just found after a short Google search (see https://bugs.chromium.org/p/chromium/issues/detail?id=123150 and https://bugs.chromium.org/p/chromium/issues/detail?id=504300), Basic Authentication using URLs where the username and password are embedded in plain text with the format http://username:password@mydomain.com has been intentionally removed from Google Chrome 19 (apparently for security reasons and because "Internet Explorer" does NOT support this either, see https://support.microsoft.com/en-us/help/834489/internet-explorer-does-not-support-user-names-and-passwords-in-web-sit). I guess, that's why you can't find that info in the Chrome Browser when debugging and why it is NOT in the "Authorization" Request header, which you could normally access using the Sender.Request['Authorization'] property and by checking the Sender.Request.HeaderText property (where all Request Headers are included).

Best Regards,
Danijel Tkalcec
Logged
usernametaken
RTC Expired
*
Posts: 6
« Reply #2 on: July 20, 2017, 01:23:55 PM »
Thanks for the quick response and feedback (as always).

It is unfortunate, because it is quite convenient sometimes for testing purposes.

However, even though chrome is not showing is in the debugger... it still sends it to the server... I am not sure how.
I have some applications running on glassfish that use this, and they are still working.
Also when I issue https://username:password@google.com/ I get a whole lot of security related messages back (in the debugger) from their server... That implies that the server is getting it.

Anyway... It is a nice to have, but not needed in the production environment for my project
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881
« Reply #3 on: July 20, 2017, 01:36:59 PM »
Anything a Web Browser sends to the RTC Server as part of a HTTP/S Request Header will be accesible through the Sender.Request object (Method, URI and HeaderText). If it is NOT there, then it was NOT sent by the Web Browser you are using. As for Chrome, since it is basically a "Google" Browser, I wouldn't be surprised if this mechanism was disabled for all domains, except for those owned by Google.

Best Regards,
Danijel Tkalcec
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.023 seconds with 16 queries.