18

I already searched within SO for some threads about this, but could only find some which explained what this header is for or how to get the authorization header in c# but I don't want to read it from server side but from client side.

Is there any way to get the Base64 encoded header "Authorization" from the browser? I want to implement a tool where you can log in and if you click on a spezific button your username will be saved.

My problem is that the browser does the authorization automatically, and with jQuery and JavaScript methods you can only set the requestheaders and get the responseheaders. I couldn't find a method to get the requestheaders.

The library gethttp could get some headers, but not the authorization header. My guess is that this header is hidden.

I'm doing a login via SVN and the browser does the authorization the moment you enter the website.

Only the username is enough. I'm searching for solutions where the user doesn't have to input their username.

VKen
  • 4,964
  • 4
  • 31
  • 43
manti
  • 241
  • 1
  • 2
  • 9
  • 3
    You're trying to read that header using C# in the server-side or using Javascript in the client-side? – haim770 Jul 28 '14 at 08:28
  • uh forgot to say this..js on the client side – manti Jul 28 '14 at 08:28
  • have you tried `.getAllResponseHeaders()` method in `XHR` object? – Anto Subash Jul 28 '14 at 08:34
  • Your question isn't clear about what you are doing. Are you writing an application with your own authentication? In this case your in control of what gets sent to the server. If not then what are you doing? – Lee Willis Jul 28 '14 at 08:34
  • yep with this you only get the response header but the authorization is within the request header in the xhr object is only the methode `setRequestHeader()`, `getResponseHeader()` and `getAllResponseHeader()` – manti Jul 28 '14 at 08:36
  • i'm doing a authentication via svn the browser does the authentication which is why i couldn't find an answer myself... – manti Jul 28 '14 at 08:38
  • 3
    You should never trust the browser, it's like the first rule of web club, come on! – php_nub_qq Jul 28 '14 at 08:47
  • 2
    well it's just for use within intranet so it shouldn't be that big of a problem – manti Jul 28 '14 at 08:51

3 Answers3

5

I'm assuming you're trying to use the Basic Realm authorisation mechanism This had already been replied on Stackoverflow and involves the $.ajax() jquery object.
How to use Basic Auth with jQuery and AJAX?
So please don't upvote me on this

$.ajaxSetup({
  headers: {
    'Authorization': "Basic XXXXX"
  },
  data: '{ "comment" }',
  success: function (){
    alert('Thanks for your comment!'); 
  }
});

where XXXXX is your username:password base64 encoded

Community
  • 1
  • 1
John Doeff
  • 309
  • 3
  • 7
2

You can use native fetch API:

fetch("http://localhost:8888/validate",{
  method:"GET",
  headers: {"Authorization": "Bearer xxxxx"}
})
.then(res => res.json())
.then(
  (result) => {
    // do something
  },
  // Note: it's important to handle errors here
  // instead of a catch() block so that we don't swallow
  // exceptions from actual bugs in components.
  (error) => {
    // handle error
  }
)
Barlas Apaydin
  • 7,233
  • 11
  • 55
  • 86
0

It's not possible to get the headers for the request of the CURRENT page. This has been asked several times on SO.

However, you can make a new request and retrieve the headers of that request. That way you are able to get the Basic Auth headers, base64 decode that string and then you have the username (and also the password).

Decoding base64 in javascript can be done using the following function as suggested by @michael in the comments.

window.atob("base64encodedString");
Jens Kooij
  • 379
  • 1
  • 8
  • 1
    Except the headers you get are those you send in the xhr, so they're already known to you. There is no point in doing this. – afilina Aug 17 '15 at 16:28
  • No, it's not possible. You can't get these headers in JS. http://stackoverflow.com/questions/7564007/get-sent-headers-in-an-xmlhttprequest – mik01aj Sep 10 '15 at 11:35
  • 1
    why do you need to implement this `decodeBase64` function when the built-in `atob` function decodes base64? – Michael Dec 07 '20 at 19:32
  • Great point. I used this mainly because I was unaware of this built-in at the time. – Jens Kooij Dec 10 '20 at 10:26