Do not prompt for credentials if user is not authenticated

Question

Do not prompt for credentials if user is not authenticated

Navigation

#1 by (4 votes)
#2 by (4 votes)

9

I have a system with two sites in the same domain. The two sites are in separate folders of the same domain, something like this:

http://renan/foo
http://renan/bar

The first site (let's call it " foo ") has a page that accesses data from another site (" bar ") via Ajax. When the user is logged on both, everything happens as desire. But when the user is only logged in foo , the browser displays a prompt asking for user name and password. Authentication is done via Active Directory and not all users of each site should have access to the other.

I would like that, in case the user is logged in foo not in bar , the login prompt does not appear. I wanted to treat it as a mistake. Is there any way to verify that the system would ask for authentication and prevent the prompt from appearing?

Here is a snippet of the code I'm using for the request:

$.ajax({
    headers: {
        "accept": "application/json;odata=verbose",
        "content-type": "application/json;odata=verbose"
    },
    type: "GET",
    url: "http://renan/bar/baz",
    beforeSend: function (xhr) {
        xhr.withCredentials = true;
    }
})

javascript ajax

asked by anonymous 19.09.2014 / 16:28

2 answers

How to create masks in input with JavaScript? [duplicate] Javascript performance: switch or if nested?

score 4 · Answer 1

Maybe you can intercept the message with the done jquery ajax method, as follows:

$.ajax({
    headers: {
        "accept": "application/json;odata=verbose",
        "content-type": "application/json;odata=verbose"
    },
    type: "GET",
    url: "http://renan/bar/baz",
    beforeSend: function (xhr) {
        xhr.withCredentials = true;
    }
}).done(function (data) {
    // avoid response and use your own behavior
}).error(function (xhr) {
    // Treat the error.
});

score 4 · Answer 2

I've had a similar problem ...

Unfortunately, after a long time lost searching for a solution, I came to the conclusion that I had nothing to do because - in my case - it is a windows authentication, managed by the application pool.

I had the option to change the entire login mechanism and make my applications manage the authentication - either by cookie, bank, etc. But as time was tight, I decided to put the applications in the same pool.