Coding Thread, Get password from ASP.net Basic Authentication in Coding and Web Development; Is it possible to get the password a user used for ASP.net Basic authentication login? I need to set both ...
23rd June 2010, 07:04 PM #1
- Rep Power
Get password from ASP.net Basic Authentication
Is it possible to get the password a user used for ASP.net Basic authentication login? I need to set both the username and password as cleartext variables. I have been able to get the username successfully, but have not found a way to get the password yet.
23rd June 2010, 10:48 PM #2
You can't - the authentication is handled by the server and you don't get the password.
What you could do is collect the username and password using a form (on a page accessible without authentication). You then check that password is valid (I do it by trying to bind to that username in AD using the username and password) and do whatever after that.
Might be a daft question, but why do you want a user's password? It's not generally a good idea :-)
Thanks to srochford from:
netadmin (23rd June 2010)
23rd June 2010, 11:22 PM #3
- Rep Power
Thanks. I'll take a look at using forms.
I am trying to create a page where users login to an ASP.net application hosted on our campus server, and can click a button to connect to a PHP application hosted on our external web host, and not have to sign in again. (My thinking was to capture the username and password from ASP and send these to the PHP application as hidden form fields to silently and automatically log them into that application). I was going to have ASP destroy the password variable immediately after completing the PHP login for security reasons.
20th July 2010, 02:12 AM #4
- Rep Power
I realize this thread is a month or two old, but it drives me nuts when "you can't" responses becomes a permanent part of the internet landscape rather than a constructive community effort to solve the problem at hand.
Basic authentication encodes both the username and password in a HTTP header variable in base64 encoding. You can pull out this header, remove the string prefix, decode the base 64 string and split the output at the ':'.
Try something like this:
// The header is in the following format
// "Basic 64BitEncodedUsernameAndPasswordString"
string userAndPassEncoded = this.Context.Request.Headers["Authorization"].Substring(6);
// userAndPasswordDecoded is in the following
// format "theusername:thepassword"
string userAndPassDecoded = new System.Text.ASCIIEncoding().GetString(
string userAndPasswordArray = userAndPassDecoded.Split(':');
requestUsername = userAndPasswordArray;
requestPassword = userAndPasswordArray;
catch (Exception ex)
throw new ApplicationException("Unable to get the Basic Authentication credentials from the request", ex);
Thanks to LynxSI from:
netadmin (18th December 2010)
By azrael78 in forum Web Development
Last Post: 15th April 2010, 12:28 PM
By robk in forum Web Development
Last Post: 18th March 2010, 10:21 PM
By apeo in forum Web Development
Last Post: 17th October 2008, 08:35 AM
By plugged_in in forum Web Development
Last Post: 8th March 2007, 11:08 AM
By wesleyw in forum Coding
Last Post: 17th October 2006, 10:30 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)