+ Post New Thread
Results 1 to 4 of 4
Coding Thread, Get password from ASP.net Basic Authentication in Coding and Web Development; Is it possible to get the password a user used for ASP.net Basic authentication login? I need to set both ...
  1. #1

    Join Date
    Dec 2006
    Location
    US
    Posts
    300
    Thank Post
    64
    Thanked 17 Times in 16 Posts
    Rep Power
    18

    Get password from ASP.net Basic Authentication

    Is it possible to get the password a user used for ASP.net Basic authentication login? I need to set both the username and password as cleartext variables. I have been able to get the username successfully, but have not found a way to get the password yet.

    Any ideas?

  2. #2

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,157
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    You can't - the authentication is handled by the server and you don't get the password.

    What you could do is collect the username and password using a form (on a page accessible without authentication). You then check that password is valid (I do it by trying to bind to that username in AD using the username and password) and do whatever after that.

    Might be a daft question, but why do you want a user's password? It's not generally a good idea :-)

  3. Thanks to srochford from:

    netadmin (23rd June 2010)

  4. #3

    Join Date
    Dec 2006
    Location
    US
    Posts
    300
    Thank Post
    64
    Thanked 17 Times in 16 Posts
    Rep Power
    18
    Thanks. I'll take a look at using forms.

    I am trying to create a page where users login to an ASP.net application hosted on our campus server, and can click a button to connect to a PHP application hosted on our external web host, and not have to sign in again. (My thinking was to capture the username and password from ASP and send these to the PHP application as hidden form fields to silently and automatically log them into that application). I was going to have ASP destroy the password variable immediately after completing the PHP login for security reasons.

  5. #4

    Join Date
    Jul 2010
    Location
    Surrey, BC, Canada
    Posts
    1
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Lightbulb

    I realize this thread is a month or two old, but it drives me nuts when "you can't" responses becomes a permanent part of the internet landscape rather than a constructive community effort to solve the problem at hand.

    netadmin:
    Basic authentication encodes both the username and password in a HTTP header variable in base64 encoding. You can pull out this header, remove the string prefix, decode the base 64 string and split the output at the ':'.

    Try something like this:
    Code:
                string requestUsername;
                string requestPassword;
                try
                {
                    // The header is in the following format
                    // "Basic 64BitEncodedUsernameAndPasswordString"
                    string userAndPassEncoded = this.Context.Request.Headers["Authorization"].Substring(6);
                    // userAndPasswordDecoded is in the following
                    // format "theusername:thepassword"
                    string userAndPassDecoded = new System.Text.ASCIIEncoding().GetString(
                        Convert.FromBase64String(this.Context.Request.Headers["Authorization"].Substring(6)));
                    string[] userAndPasswordArray = userAndPassDecoded.Split(':');
                    requestUsername = userAndPasswordArray[0];
                    requestPassword = userAndPasswordArray[1];
                }
                catch (Exception ex)
                {
                    throw new ApplicationException("Unable to get the Basic Authentication credentials from the request", ex);
                }
    Best Regards,

  6. Thanks to LynxSI from:

    netadmin (18th December 2010)

SHARE:
+ Post New Thread

Similar Threads

  1. ASP.Net/SQL
    By azrael78 in forum Web Development
    Replies: 3
    Last Post: 15th April 2010, 12:28 PM
  2. ASP Password reset for AD
    By robk in forum Web Development
    Replies: 2
    Last Post: 18th March 2010, 10:21 PM
  3. ASP .Net rewritepath
    By apeo in forum Web Development
    Replies: 2
    Last Post: 17th October 2008, 08:35 AM
  4. PHP or ASP.NET
    By plugged_in in forum Web Development
    Replies: 38
    Last Post: 8th March 2007, 11:08 AM
  5. using IMAP Authentication in ASP
    By wesleyw in forum Coding
    Replies: 1
    Last Post: 17th October 2006, 10:30 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •