My users enter a username and password for a third party service. I do an ajax call to that service to authenticate them. The issue is that if they enter the wrong username and password the browser (at least firefox) will display an “authentication required” dialog. If they then enter the correct username and password in that dialog, my ajax call will return a “success”, and it will appear that the original user/pass they entered was correct, when it is not (since they changed it).
Is there any way to either suppress this dialog (so I can then have my service tell them to correct their user/pass) or somehow grab the correct username and password that the user entered in the browsers dialog? This is a firefox extension.. so I’m sure there is some way to grab the correct pass/login from the request.. but It would be nice if there was a simpler method via javascript.
jQuery.ajax({
type: "GET",
dataType: "xml",
url: endpoint,
username: username,
password: password,
success: function(data,status) {
// Do something
},
error: function(XMLHttpRequest, textStatus, errorThrown){
alert(errorThrown);
}
});
I’ve solved this problem by putting a proxy in between the browser and the service that requires authentication, in my case, a java servlet. The browser sends the AJAX request to the servlet, which forwards the request to the service, then sends back the services’ response, omitting the “WWW-Authenticate” header. Your browser app. handles the HTTP 200 or 401 response code accordingly.
Similarly, the proxy could always return a 200 with a json response indicating the results of the forwarded request. This way you can discern the difference between a failure of your proxy and the response of the service.
One tricky thing you may have to deal with – if the far-end service responds with a set-cookie header, say because it’s created a session for your client, then you have (at least) 2 possible paths to take.
or