View previous topic :: View next topic |
Author |
Message |
Paulie -
Joined: 20 Feb 2016 Posts: 24
|
Posted: Thu Mar 30, 2023 2:38 am Post subject: Send user/pass to Access Control |
|
|
Currently when a directory is protected with Access Control settings, the user is presented with a dialog box asking for username and password to continue.
Is there any way to automate this in the URL?
Example:
https://mydomain.com/private/?user=admin&pass=1234 |
|
Back to top |
|
|
Horizon -
Joined: 18 Feb 2022 Posts: 54
|
Posted: Thu Mar 30, 2023 3:55 am Post subject: |
|
|
Hello,
The authentication dialog is actually drawn/generated by your web browser:
Abyss just replies with something like 'HTTP 401 Authorization Required'.
Then your web browser has to draw the authentication window with textboxes itself.
It's called HTTP Basic Auth, and you should be able to tell any web browser to automatically login using this format:
http[s]://username:password@my.domain.com/my/url?etc=queries
However you should disable HTTP (require HTTPS) on any pages protected by Access Control just like any other login page.
You can do this by going into the general server settings, then Advanced, and in the Serve only over HTTPS list add the paths protected by Access Control.
However there are talks with web browers developers about deprecating/removing support for basic auth URLs like the one I've shown above.
In such cases, the users will have to manually login atleast once and use the Remember password feature of their web browser.
It will be an extra click, but atleast it will still work. |
|
Back to top |
|
|
Paulie -
Joined: 20 Feb 2016 Posts: 24
|
Posted: Thu Mar 30, 2023 3:35 pm Post subject: |
|
|
Thank you, that is what I was looking for. |
|
Back to top |
|
|
|