January 18th, 2013, 09:28 AM
Unauthenticated access to private web site - How to implement?
I run a completely private website for my small service business. Any visitor/request to homepage immediately gets login/password prompt.
There's no option to register - I distribute login/password to legitimate users myself in advance.
I've been talking to a prospective new client company now. Next week, I'll have a first decisive meeting with their ultimate decision maker, CEO. He wants to evaluate me, and having him look at my (private) website could help. However, my friend-insider in that company suggests that CEO will not bother entering login/password while he could possibly click on a link to view the site.
I can think of one way of giving CEO unauthenticated access to my private site:
Create a copy of the site in another (unprotected) directory on the server and give him the link to it to click on. Theoretically, anyone would be able to access this copy of the site without authorization, but in practice it seems extremely unlikely.
It seems that this approach would work. I still have to figure out how to give open access to a subdirectory
of the site's root directory
which is protected and requires authentication to access.
But maybe there exist better approaches to achieving this objective?
Alternatively, creating a link for the CEO, upon clicking on which my webserver would receive the same signal as if CEO was sending his login/password would be nice. If this is feasible, it would be great to know how to implement it.
I couldn't find any info on this on the web at all. If you can refer to any resources, thanks in advance!
PS. I have full controll/access to any level of my site's and webserver (nginx) administration - I don't outsource anything.
January 20th, 2013, 11:15 AM
If you're using basic HTTP authentication you can put the username and password into the URL:
January 20th, 2013, 11:34 AM
Yes, exactly! - I've just figured this out. Thread is solved.
Originally Posted by E-Oreo
Would the same approach work with Digest Authentication?
January 21st, 2013, 09:08 AM
Here's more discussion on this topic: