[AccessD] OT: Putting a Password and Logon name to an HTTP address

Darren Dick D.Dick at uws.edu.au
Wed Jul 6 19:05:19 CDT 2005


Thanks to all who responded
Darren

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of MartyConnelly
Sent: Thursday, July 07, 2005 9:13 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] OT: Putting a Password and Logon name to an HTTP
address

Cannot Log On to Web Site Requiring Case-Sensitive User Name
http://support.microsoft.com/default.aspx?scid=kb;en-us;228914

However it is more likely bet, that this is the cause if the the below
IE security patch installed.
I think these series of  patches went in last year.

http://support.microsoft.com/kb/832894/

Look under technical details of this IE patch

http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
The following URL syntax is no longer supported in Internet Explorer or
Windows Explorer after you install this software update:

http(s)://username:password at server/resource.ext

Details of workarounds for coding via WinInet or UrlMon is available
below or how to do a registry hack to disable uid password suppresion.
A security update is available that modifies the default behavior of
Internet Explorer for handling user information in HTTP and in HTTPS
URLs

http://support.microsoft.com/default.aspx?scid=kb;en-us;834489

I think you can also put the uid and password in an encrypted http
header and use winhhtp or xmlhttp.


Darren Dick wrote:

>Hi Guys
>Way OT, but I wanna code it into an app.
>On some WebPages we are forced to logon to a web site using
>the standard Web version of a logon box comes up asking for the
>User Name and password for that site. (These are NOT sites I or we have
>designed)
>
>It's the generic one
>See a screen dump at 
>http://tripledee.com.au/accessd/Generic_Logon.jpg
>
>Anyway...my question is this
>I can pass credentials to an ftp session by doing something like this
>
>ftp://UserName:Password@someServer.com.au
>
>Cool
>
>When I try the same syntax using
>http://UserName:Password@someServer.com.au
>In an attempt to bypass the screen in the screen dump it fails.
>
>Does anyone know a way to do it?
>
>Many thanks
>
>Darren
>  
>

-- 
Marty Connelly
Victoria, B.C.
Canada



-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com



More information about the AccessD mailing list