I have a password protected website running on WinCE that, upon attempting to access the secure pages, will automatically fire up the built-in browser log in box using WWW-Authenticate.
I want to be able to test whether the user is logged in or not by accessing that page. The issue is that when I try this using a jQuery ajax request the browser pops up the login box as it would if the user had navigated there! How can I prevent the login box from opening and instead have jQuery just throw an error instead
Running the following code:
$.ajax({
url: '/web/secure/securepage.html',
success: function(data){ console.log(data) },
error: function (xhr, ajaxOptions, thrownError) {
alert(xhr.status);
alert(thrownError);
}
});
Makes this box appear instead of just failing with an error message
You are using HTTP authentication. If the client is not logged in you will get login box (AJAX or otherwise).
If it is possible for you to keep an insecure page within the path
/web/secure/then you can try to create an ASP ‘login test’ page as follows:/web/secure/. You can name it like/web/secure/logintest.asp./web/secure/logintest.asp(it is the page you created above. Since it’s insecure you won’t get the login popup).Authorizationvalue (e.g.Authorization: Basic amltbXk6cGFnZQ==) usingRequest.ServerVariables("Authorization"). If the header value exists it means the user is authorized and send the success status code (200) else send a client failure code (4xx).Try reading through ASP for Win CE here.
The thing I am counting on here is that once the HTTP authorization is successful the browser always sends the
Authorizationheader for consecutive requests under the same server path (hence the need to create the insecure page within/web/secure/). If the user is logged in you will be able to judge it by retrieving the header on the ASP page.