I am creating a static website with limited access. I configured the server to protect the subfolder (e.g. www.example.com/restricted) using HTTP Basic Auth. Now I do not want to use the standard browser popup for login, as it is ugly and does not remember the password in the sessions. And it's ugly, have I mentioned this already? =)
So, I am showing an html form and trying to authenticate via JavaScript (here, using jQuery, but the "raw" version showed the same behavior). The function I call looks like
try_login = function(username, password){ $.ajax({ url: '/restricted/login.token', method: 'GET', beforeSend: function(request) { request.setRequestHeader( 'Authorization', 'Basic ' + Base64.encode(username + ':' + password)); }, success: function () { window.location='/restricted/'; }, error: function () { $('#error_message').text("Wrong password."); }});
}
Authentication now works for ajax request. "login.token" is correctly transmitted with a status code of 200 if I use the correct username and password, and I get 401 if I do not.
But the browser (I tested Chrome 28 and IE 10) again asks for the credentials following the redirect in the callback. It does not seem to save credentials.
Am I doing something wrong, or is this really the expected behavior? If so, is there a way to cheat? I really think the browser popup is ugly.
Since this is a static site, any authentication scheme that requires active server-side code, unfortunately, is not applicable here.
source share