对于在iframe一个url的基本身份验证 [英] Basic authentication for a url in an iframe

问题描述

我需要验证页面上，从一个iframe发送一个请求（其中正在通过JavaScript创建）。认证将基本的HTTP验证完成。我试着做

 的http：//用户名：密码@服务器
 

但显然这是因为安全异常的IE浏览器无法使用：

http://support.microsoft.com/kb/834489

有另一种方式我可以添加到认证的要求如此的iframe将自动与服务器进行身份验证？谢谢你。

下面是我目前使用不工作的code：

  VAR URL =的http：//用户名：测试@本地：12000 / Service.svc /的getStatus';尝试{
    //附加图像缓存AUTH
    VAR框架= $（'＆LT; IFRAME /＆GT;'）;    frame.load（函数（）{
        警报（'这里'）;
    }）;    $（'身体'）追加（架）;    frame.attr（'src'中，URL）;
    //img.remove（）;
}
赶上（E）{}
 

解决方案

我必须解决这个确切的问题。唯一的解决办法我能想出使用反向代理。这是这样的：

 浏览器（不包括基本身份验证的要求） -  GT;反向代理服务器（添加了基本的认证请求） -  GT;目标服务器（需要基本身份验证）
 

因此​​，有从目标服务器单独运行的地方反向代理。在基本认证的细节被存储在反向代理。

说在 IFRAME 的URL看起来像这样（假设反向代理运行在端口 8088 ）

 ＆LT; IFRAME SRC =htt​​p://proxy_id.proxy_host.com:8088/cgi-bin/some/path＆GT;＆LT; / IFRAME＆GT;
 

反向代理然后转换成这样的要求：

  http://destination_host.com:PORT/cgi-bin/some/path
 

其中， destination_host ， PORT 和基本身份验证的详细信息（发送到目标服务器请求头，使他们是在URL中不再可见）的基础上，反向代理服务器配置都采取了 proxy_id 这是在原来的网址。

反向代理将头（修改主机从 *。proxy_host.com 到 destination_host.com ），但它不会改变的路径，因此代理是透明的来自浏览器的任何要求，包括，甚至任何请求的子请求下载CSS或JavaScript文件从JavaScript启动。

这种设置需要相应的DNS条目，这样 proxy_id.proxy_host.com 解析为反向代理服务器的IP和 destination_host.com 解析为目标服务器的IP地址。根据要求 proxy_host 可实际上是相同的 destination_host （例如，如果代理在目标服务器上运行）。

---

这是基本的想法。在我的项目的代理服务器配置可动态添加，所以我不得不确保主域的所有子域 *。some_host.com 解析为相同的反向代理IP。我使用的亚克力DNS 了解，作为默认的Windows 主机文件不支持子域为 * （包罗万象）。

根据您的项目的要求，你可以能够找到可以用于这一目的的适当反向代理。我的项目是用Erlang编写的，我找不到，我可以用任何代理，所以我实现了我自己。检查它在GitHub上： yoonka /牛仔竞技。它没有任何文件，但尚未在code是相当简单的。它可以用任何语言编写的项目中可能使用的，但目前的限制是，配置正在使用Erlang的要求（如我的项目是正在从另一个二郎应用程序提供）补充说。 ）

：从静态文件读取配置，以及一个更好的文档，可以如果只存在对任何需求被添加

I need to authenticate a request being sent from an iframe (which is being created through javascript) on a page. The authentication will be done with basic http authentication. I've tried doing

http://user:password@server

but apparently this is unavailable in IE because of a security exception:

http://support.microsoft.com/kb/834489

Is there another way I can add the authentication into the request so the iframe will automatically authenticate with the server? Thanks.

Here's the code I'm currently using that doesn't work:

var url = 'http://userName:test@localhost:12000/Service.svc/GetStatus';

try {
    // Attach image to cache auth
    var frame = $('<iframe />');

    frame.load(function() {
        alert('here');
    });

    $('body').append(frame);

    frame.attr('src', url);
    //img.remove();
}
catch (e) {

}

解决方案

I had to solve this exact issue. The only solution I could come up with is using a reverse proxy. This works like this:

Browser (request without basic authentication) -> Reverse Proxy (request with added basic authentication) -> Destination server (requires basic authentication)

So there is a reverse proxy running somewhere separately from the destination server. Details of the basic authentication is stored in the reverse proxy.

Say the URL in iframe looks like this (assuming the reverse proxy runs on port 8088):

<iframe src="http://proxy_id.proxy_host.com:8088/cgi-bin/some/path"></iframe>

The reverse proxy then translates the request to look like this:

http://destination_host.com:PORT/cgi-bin/some/path

Where destination_host, PORT and details of the basic authentication (sent to the destination server as request headers so they are no longer visible in the URL) are taken from the reverse proxy configuration based on the proxy_id that was in the original URL.

The reverse proxy will change the host header (from *.proxy_host.com to destination_host.com) but it will not change the path, so the proxy is transparent to any requests coming from the browser, including any sub-requests to download CSS or JavaScript files, or even to any requests initiated from JavaScript.

This set-up requires appropriate DNS entries so that proxy_id.proxy_host.com resolves to the IP of the reverse proxy and destination_host.com resolves to the IP of the destination server. Depending on requirements proxy_host can be actually the same as destination_host (e.g. if the proxy is running on the destination server).

---

That was the basic idea. In my project proxy configurations can be added dynamically so I had to ensure that all sub-domains of the main domain *.some_host.com resolve to the same reverse proxy IP. I am using Acrylic DNS for that as the default Windows hosts file doesn't support sub-domains as * (catch-all).

Depending on the requirements of your projects you may be able to find a suitable reverse proxy that could be used for that purpose. My project is written in Erlang and I couldn't find any proxy that I could use, so I implemented my own. Check it on github: yoonka/charreada. It doesn't have any documentation yet but the code is fairly simple. It could be potentially used with any project written in any language, but currently the limitation is that the configuration is being added using Erlang calls (as in my project it is being supplied from another Erlang application). Reading the configuration from a static file, as well as a better documentation, can be added if only there is any demand for that :)

这篇关于对于在iframe一个url的基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！