Disable AIR's login dialog when using XMLHR with HTTP basic authentication

Disable AIR's login dialog when using XMLHR with HTTP basic authentication

30 08 2009

While developing an AIR application which uses an online API with HTTP Basic Authentication I experienced issues with AIR's authentication dialog.

For doing the authentication I generated a HTTP authentication header including the login credentials. I appended this header to my XMLHttpRequest. In case the login credentials were correct, everything was fine and the request could be completed successfully. But if the credentials were wrong, AIR showed up with a login window to enter the login data for the given domain. Since most AIR applications will be a fully integrated user experience, I'm sure this would be a drawback for most developers. Another interesting point is, that the login box showed up even before I got notified about an 401-HTTP status response.

So what to do? In the AIR documentation I could find some information about the URLRequestDefaults object which holds some default data for URLRequests. URLRequests own an "authenticate" property which defines if the authentication should be handled by AIR (which causes the dialog, I thought). But when not using URLRequests and using XMLHttpRequests instead, this setting has no effect.

While doing some research I also found an "authenticate" property for the HTMLLoader object. Setting this property to false disables AIR's authentication handling and my application immediately gets informed about an 401.

Disabling AIR's authentication handling can be done in your JS code using:
window.htmlLoader.authenticate = false;

I suggest to put this in some kind of an "onready" handler:
Event.observe(document, 'dom:loaded', init); function init() { // Disable AIR's authentication handling window.htmlLoader.authenticate = false; }

Written by Sebastian Bauer
Comments : 4 Comments »
Categories : Adobe® AIR™
Trackbacks : No Trackbacks »

Comments

03 09 2009

#1 Bill Bartmann (Reply)

Excellent site, keep up the good work

30 06 2010

#2 Saad (Reply)

Hi Sebastian,

Setting the htmlLoader.authenticate=false definitely disables the dialog box from popping up, but every request is now returned as a 401 even I'm passing the right username and password. Any ideas why?

Thanks

30 06 2010

#2.1 Sebastian (Reply)

Thanks for your comment! How exactly are you doing the authenticated request? Are you just prepending the credentials to the URL (like http://foo:bar@some.url) or are you putting the credentials as an custom HTTP header?

As far as I remember, prepending the credentials in the URL did not work for AJAX calls. I had to explicitely generate an HttpBasicAuth header:

Using prototype.js that would be done using the the "requestHeaders" property. The contents of the header must be "Authorization: Basic "

30 06 2010

#2.1.1 Saad (Reply)

I'm using dojo js-framework for sending the AJAX-Request. Headers and user credentials are all setup correctly, only when disabling AIR's login dialog it doesn't work! Is there any way to catch this dialog maybe!?

Add Comment

Name

Email

Homepage

[ Top level ]#1: Bill Bartmann on 2009-09-03 00:48 #2: Saad on 2010-06-30 14:33   #2.1: Sebastian on 2010-06-30 17:11     #2.1.1: Saad on 2010-06-30 17:42 In reply to

Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.

Standard emoticons like :-) and ;-) are converted to images.

E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.

Enter the string from the spam-prevention image above:

Remember Information?
Subscribe to this entry