A URL such as http://username:[email protected]/
does not work in Internet Explorer, as explained in the Microsoft Knowledgebase article “Internet Explorer does not support user names and passwords in Web site addresses”. I can’t find a proper workaround for this. I want just a simple link in a HTML document which works.
We have a website, with fairly secure cookie-based login. We have standard stats packages (Webalizer and AWStats) which use HTTP authentication. I want to give the administrator of the site a quick link to the stats. The link, which includes the password, will be available only to a logged in administrator. It’s no great security risk.
We can do HTTP basic authentication URL with @ in password. We have to pass the credentials appended with the URL. The username and password must be added with the format − https://username:password@URL.
Basic authentication is simple and convenient, but it is not secure. It should only be used to prevent unintentional access from nonmalicious parties or used in combination with an encryption technology such as SSL.
Per the Knowledgebase article, this can be enabled by setting the DWORD
for iexplore.exe to 0 in:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
.
Doing so will enable you to browse to URLs using the syntax [user]:[password]@[url]
.
The username:[email protected] construct was removed as a security feature. Storing passwords in plain text is a bad idea to start with, and this form of the url was a frequently used attack vector for phishing attacks. The article you link to lists some work-arounds... can you not just prompt the user to enter a password?
If you give a little more details about what you're doing, it's possible a better solution may be found.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With