Kangkan

Reputation: 15571

Javascript: How to pass current user credentials for basic auth in HTTP GET

I want to redirect a user from a web page on one server to another page on another server. The first application uses Active Directory for authentication. The second application is not using Active Directory for authentication. However, the second application allows sending the auth header with basic authentication in the HTTP GET request.

I tested sending the Auth header and was successful:

function DoLogin()
{
    var xmlhttp;
    if (window.XMLHttpRequest)
      {// code for IE7+, Firefox, Chrome, Opera, Safari
      xmlhttp=new XMLHttpRequest();
      }
    else
      {// code for IE6, IE5
      xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
      }
    xmlhttp.onreadystatechange=function()
      {
      if (xmlhttp.readyState==4) // request finished; the status check below picks the branch
        {
        if(xmlhttp.status==200)
            window.location = "http://server:port/home";
        else
            document.getElementById("myDiv").innerHTML="Error in Login";
        }
      }
    xmlhttp.open("GET","http://server:port/auth",true);
    xmlhttp.setRequestHeader("Accept","application/rdf+xml");
    xmlhttp.setRequestHeader("Authorization","Basic Z29082FtaWs6TDN0bWVpbkBPZmZp=45^");
    xmlhttp.send();
}

However, in this code I have sent a hardcoded set of credentials. I do not have access to the username and password that are required to create this hash. I want to know if there is any way to grab this hash of credentials and pass them on?

Upvotes: 2

Views: 9833

Answers (1)

Alex

Reputation: 34978

For security reasons, I think there is not and there should not be a way to get these credentials of the Active Directory authentication of the first site (site A).

Your options are:

  1. Implement Active Directory Authentication on the second server as well
  2. As a workaround, implement some kind of token-based authentication that lets the user access site B after he has identified himself to site A.

In both cases you need access to site B.

If you do not have access to site B I do not see a solution.

Upvotes: 2
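
The token-based workaround from the answer above, sketched as an added example (not code from the question or the answer): site A signs a short-lived token after its Active Directory login, and site B verifies it before creating a session. The shared secret, the function names, the 60-second lifetime and the in-memory replay set are assumptions; it runs on Node.js and, as the answer says, needs changes on site B.

```javascript
// Added example: short-lived HMAC-signed handoff token between site A and site B.
const crypto = require('node:crypto');

const TTL_SECONDS = 60; // assumption: the token only has to survive the redirect

function sign(payloadB64, secret) {
  return crypto.createHmac('sha256', secret).update(payloadB64).digest('base64url');
}

// Site A: called after Active Directory has authenticated `username`.
function issueToken(username, secret, nowSeconds) {
  const claims = { sub: username, exp: nowSeconds + TTL_SECONDS,
                   jti: crypto.randomBytes(16).toString('hex') };
  const payloadB64 = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return payloadB64 + '.' + sign(payloadB64, secret);
}

// Site B: verify signature, expiry and single use before creating a session.
function verifyToken(token, secret, nowSeconds, seenIds) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [payloadB64, sigB64] = parts;
  const expected = Buffer.from(sign(payloadB64, secret));
  const given = Buffer.from(sigB64);
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  // The payload is parsed only after its signature has been verified.
  const claims = JSON.parse(Buffer.from(payloadB64, 'base64url').toString('utf8'));
  if (nowSeconds >= claims.exp) return { ok: false, reason: 'expired' };
  if (seenIds.has(claims.jti)) return { ok: false, reason: 'replayed' };
  seenIds.add(claims.jti);
  return { ok: true, user: claims.sub };
}

// Constructed demo values: the secret, user name and clock are illustrative only.
function demo() {
  const secret = crypto.randomBytes(32);
  const seen = new Set();
  const token = issueToken('jdoe', secret, 1000);
  return {
    first: verifyToken(token, secret, 1010, seen),
    replay: verifyToken(token, secret, 1011, seen),
    expired: verifyToken(issueToken('jdoe', secret, 1000), secret, 1061, new Set()),
    tampered: verifyToken('x' + token, secret, 1010, new Set()),
  };
}
```

With this design no password ever reaches the browser: the page on site A only carries an opaque token that is useless after one use or 60 seconds.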
