Can I authenticate an iFrame page from the parent page?

Question

I have a simple HTML page that rotates through several status pages that I display on several tv's around campus. I regularly update the page and the links. Many times the pages require authentication. It is a pain to remote to ever terminal to supply credentials. Some are HTTP authentication and some are some <form> based authentication baked into the site. Many times I can get around the <form> based authentication with HTML and JavaScript that post the right credentials.

1. Is there a better way to get around the <form> based authentication from the host page? (below)

2. Is there any way to get around the Server/HTTP based authentication from the host page without having to manually authenticate on ever display?

By <form> authentication I mean that a <form> action generates a session cookie?
( mikerobi, thanks for the comment)

Here is the code for the host page

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title> 
  Important Stuff 
</title>
    <script src="/scripts/jquery.js" type="text/javascript"></script>
    <style type="text/css">
        html, body, iframe { margin:0; height:100%; }
        iframe { display:block; width:100%; border:none; }
    </style>
    <script type="text/javascript">
        var link = new Array();        
        link[0] = "http://mycompany.intranet/";        
        link[1] = "http://mycompany.intranet/weather.htm";        
        link[2] = "http://mycompany.intranet/systemstatus/";        
        var linkIndex = 0;
        setInterval("doSomething()", 10000);

        function doSomething() {

            if (linkIndex >= link.length)
            {
                // reload in case the page has been updated
                window.location.reload();
            }

            $("#frame").attr("src", link[linkIndex]);
            linkIndex++;
        }
    </script>
</head>
<body>
    <iframe id="frame" src="http://mycompany.intranet/"></iframe>
</body>
</html>

Answer 1

1. I don't see your code that sends the credentials for the POST-based login, but if you are using JavaScript to automatically submit a form (using its .submit() method), that is probably the best way. Keep in mind that the target attribute of an HTML form allows you to submit the form in a different window (or in your case, iframe) — just give a name="xyz" attribute to the iframe and use target="xyz" for the form. The form would be located in the host page and could be hidden using the CSS display: none.

2. You can include the HTTP Basic Auth username and password in the URL, like: http://username:[email protected]/path. Note that current web browsers may not allow this in their default configurations as a safeguard against a specific phishing technique, and you may have to change the configuration by editing the Windows Registry or other places where web browser settings are stored.