我怎样才能苏preSS浏览器的身份验证对话框? [英] How can I supress the browser's authentication dialog?
问题描述
我的Web应用有一个登录页面,通过AJAX调用提交身份验证凭据。如果用户输入正确的用户名和密码,一切都很好,但如果没有,会发生以下情况:
My web application has a login page that submits authentication credentials via an AJAX call. If the user enters the correct username and password, everything is fine, but if not, the following happens:
- 在该网站的服务器确定,虽然要求包括良好的授权标题,在标题的证书没有成功验证。
- 在Web服务器返回401状态code和包括一个或多个WWW验证标题列出支持的身份验证类型。
- 在浏览器检测到响应我的XMLHtt prequest对象上调用是401和响应包括WWW验证报头。然后,它会弹出一个身份验证对话框,要求再次输入用户名和密码。
这是一切优秀,直到第3步。我不想让对话框弹出,我希望要处理我的AJAX回调函数401响应。 (例如,通过显示在登录页面上的错误消息。)我希望用户重新输入他们的用户名,当然和密码,但我希望他们看到我的友好,安心登录表单,而不是浏览器的丑陋,默认认证对话框。
This is all fine up until step 3. I don't want the dialog to pop up, I want want to handle the 401 response in my AJAX callback function. (For example, by displaying an error message on the login page.) I want the user to re-enter their username and password, of course, but I want them to see my friendly, reassuring login form, not the browser's ugly, default authentication dialog.
顺便说一句,我有超过服务器无法控制,所以有它返回一个自定义状态code(即东西比401等)是不是一种选择。
Incidentally, I have no control over the server, so having it return a custom status code (i.e., something other than a 401) is not an option.
有没有什么方法可以让我晚饭preSS验证对话框?特别是,我可以燮preSS在Firefox 2或更高版本的要求身份验证对话框?有没有什么办法可以燮preSS连接到的 [主持人] 的在IE 6中对话和更高?
Is there any way I can suppress the authentication dialog? In particular, can I suppress the Authentication Required dialog in Firefox 2 or later? Is there any way to suppress the Connect to [host] dialog in IE 6 and later?
修改
从作者的其他信息(9月18日):的
我要补充一点,与浏览器的身份验证对话框弹出真正的问题在于,它给足够的信息给用户。
Edit
Additional information from the author (Sept. 18):
I should add that the real problem with the browser's authentication dialog popping up is that it give insufficient information to the user.
用户刚刚进入一个用户名和密码,通过登录页面上的形式,他认为自己已经正确输入他们两个,他点击了提交按钮或回车。他意料的是,他将被带到下一个页面或者说,他已经进入了他的信息不正确,应该再试一次。然而,他不是$ psented有一个意想不到的对话盒P $。
The user has just entered a username and password via the form on the login page, he believes he has typed them both correctly, and he has clicked the submit button or hit enter. His expectation is that he will be taken to the next page or perhaps told that he has entered his information incorrectly and should try again. However, he is instead presented with an unexpected dialog box.
该对话框不作任何确认的事实,他只是的没有的输入用户名和密码。它没有明确说明有问题,他应该再试一次。相反,对话框presents包含加密信息的用户的网站说:' [域] 的'。其中的 [域] 的是,只有一个程序员可以爱一个简短的领域名称。
The dialog makes no acknowledgment of the fact he just did enter a username and password. It does not clearly state that there was a problem and that he should try again. Instead, the dialog box presents the user with cryptic information like "The site says: '[realm]'." Where [realm] is a short realm name that only a programmer could love.
网页broswer设计者注意:没有人会问如何晚饭preSS身份验证对话框,如果对话框本身是简单的对用户更友好。在全部的原因,我在做一个登录表单是,我们的产品管理团队正确地认为该浏览器的身份验证对话框是可怕的。
Web broswer designers take note: no one would ask how to suppress the authentication dialog if the dialog itself were simply more user-friendly. The entire reason that I am doing a login form is that our product management team rightly considers the browsers' authentication dialogs to be awful.
推荐答案
我不认为这是可能的 - 如果你使用浏览器的HTTP客户端实现,它总是会弹出一个对话框。两名黑客浮现在脑海中:
I don't think this is possible -- if you use the browser's HTTP client implementation, it will always pop up that dialog. Two hacks come to mind:
-
也许闪光处理这种不同的(我还没有尝试过),所以有一个闪光的电影提出这项要求可能会有所帮助。
Maybe Flash handles this differently (I haven't tried yet), so having a flash movie make the request might help.
您可以设置一个proxie对于要访问你自己的服务器上,并将它修改身份验证头一点,使浏览器无法识别它们的服务。
You can set up a 'proxie' for the service that you're accessing on your own server, and have it modify the authentication headers a bit, so that the browser doesn't recognise them.
这篇关于我怎样才能苏preSS浏览器的身份验证对话框?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
