如何禁止浏览器的身份验证对话框? [英] How can I suppress the browser's authentication dialog?
问题描述
我的Web应用程序有一个登录页面,通过AJAX调用提交身份验证凭据。如果用户输入正确的用户名和密码,一切都很好,但如果没有,则会发生以下情况:
My web application has a login page that submits authentication credentials via an AJAX call. If the user enters the correct username and password, everything is fine, but if not, the following happens:
- Web服务器确定尽管如此该请求包含格式良好的Authorization标头,标头中的凭据无法成功进行身份验证。
- Web服务器返回401状态代码,并包含一个或多个WWW-Authenticate标头,其中列出了支持的身份验证类型。
- 浏览器检测到对XMLHttpRequest对象的调用的响应是401,响应包括WWW-Authenticate头。然后它会弹出一个验证对话框,再次询问用户名和密码。
这一切都很好,直到第3步。我不希望弹出对话框,我想要在我的AJAX回调函数中处理401响应。 (例如,通过在登录页面上显示错误消息。)我希望用户重新输入他们的用户名和密码,当然,但我希望他们看到我友好,安心的登录表单,而不是浏览器的丑陋,默认身份验证对话框。
This is all fine up until step 3. I don't want the dialog to pop up, I want want to handle the 401 response in my AJAX callback function. (For example, by displaying an error message on the login page.) I want the user to re-enter their username and password, of course, but I want them to see my friendly, reassuring login form, not the browser's ugly, default authentication dialog.
顺便说一句,我无法控制服务器,因此让它返回自定义状态代码(即401之外的其他内容)不是一种选择。
Incidentally, I have no control over the server, so having it return a custom status code (i.e., something other than a 401) is not an option.
有什么方法可以抑制身份验证对话框吗?特别是,我可以在Firefox 2或更高版本中禁止需要验证对话框吗?有没有办法在IE 6及更高版本中禁止连接到 [host] 对话框?
Is there any way I can suppress the authentication dialog? In particular, can I suppress the Authentication Required dialog in Firefox 2 or later? Is there any way to suppress the Connect to [host] dialog in IE 6 and later?
编辑
作者提供的其他信息(9月18日):
我应该添加真正的问题浏览器的身份验证对话框弹出是它给用户提供的信息不足。
Edit
Additional information from the author (Sept. 18):
I should add that the real problem with the browser's authentication dialog popping up is that it give insufficient information to the user.
用户刚刚通过登录页面上的表单输入了用户名和密码,他相信他已正确键入它们,并且单击了提交按钮或按Enter键。他的期望是,他将被带到下一页,或者可能被告知他输入的信息不正确,应该再试一次。但是,他会出现一个意外的对话框。
The user has just entered a username and password via the form on the login page, he believes he has typed them both correctly, and he has clicked the submit button or hit enter. His expectation is that he will be taken to the next page or perhaps told that he has entered his information incorrectly and should try again. However, he is instead presented with an unexpected dialog box.
对话框没有确认他只是做了输入用户名和密码。它没有明确说明存在问题,他应该再试一次。相反,该对话框向用户显示隐藏信息,例如网站说:' [realm] '。其中 [realm] 是一个只有程序员才会喜欢的简短领域名称。
The dialog makes no acknowledgment of the fact he just did enter a username and password. It does not clearly state that there was a problem and that he should try again. Instead, the dialog box presents the user with cryptic information like "The site says: '[realm]'." Where [realm] is a short realm name that only a programmer could love.
Web broswer设计师注意:没有人会问如何如果对话框本身更加用户友好,则禁止验证对话框。我正在做登录表单的整个原因是我们的产品管理团队正确地认为浏览器的身份验证对话框很糟糕。
Web broswer designers take note: no one would ask how to suppress the authentication dialog if the dialog itself were simply more user-friendly. The entire reason that I am doing a login form is that our product management team rightly considers the browsers' authentication dialogs to be awful.
推荐答案
我不认为这是可能的 - 如果您使用浏览器的HTTP客户端实现,它将始终弹出该对话框。想到两个黑客:
I don't think this is possible -- if you use the browser's HTTP client implementation, it will always pop up that dialog. Two hacks come to mind:
-
也许Flash处理方式不同(我还没试过),所以有一部flash电影请求可能有所帮助。
Maybe Flash handles this differently (I haven't tried yet), so having a flash movie make the request might help.
您可以为您在自己的服务器上访问的服务设置proxie,并让它修改认证标题有点,因此浏览器无法识别它们。
You can set up a 'proxie' for the service that you're accessing on your own server, and have it modify the authentication headers a bit, so that the browser doesn't recognise them.
这篇关于如何禁止浏览器的身份验证对话框?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
