
HTTP Basic Authentication passed to different subdomain


I'm trying to pass basic HTTP authentication from one subdomain to another so as not to ask people to log in twice.

The first subdomain is PHP capable, while the second is an ASP application. The ASP application is asking for a Basic HTTP Auth prompt (once submitted they have access to the web app), but my goal is to make it so it forces the correct login so it doesn't prompt the user and they can access the web app right away.

On the PHP side I've tried the following:

$base64value = base64_encode($value);
setcookie("Authorization",$base64value, time()+3600*24);

I've also successfully got the header Authentication, but it doesn't seem to pass it to the next page even when it's the same value:

header('WWW-Authenticate: Basic realm="'.$base64value.'"');

I've also tried setting the domain with the cookie, with no luck. Is it true that you can't pass HTTP Basic Authentication through a cookie? It seems like 2 different techniques.


Solution

  • Basic authentication uses the HTTP Header Authorization that the web client computes, not a cookie. So yes, you cannot pass on authentication with this technique.

    You need to re-design the authentication. You could look into reverse-proxying one of the sites behind the other, or set up a CAS service.
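The difference between the two requests, seen from the server side, as an added example that is not part of the original answer: a Basic-protected application reads credentials only from the `Authorization` request header, so a cookie named `Authorization` arrives in the `Cookie` header and still gets a 401. The host name, the credentials and the helper names `basic_credentials` and `respond` are constructed for illustration.

```python
import base64
import binascii
import hmac


def basic_credentials(headers):
    """Return (user, password) from an 'Authorization: Basic' header, else None.

    Only the Authorization request header is consulted, as a Basic-auth
    server does; a cookie that happens to be named "Authorization" is ignored.
    """
    value = next((v for n, v in headers if n.lower() == "authorization"), None)
    if value is None:
        return None
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: treat as unauthenticated
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None


def respond(headers, expected=("alice", "s3cret")):
    """Status a Basic-protected app would return for these request headers."""
    creds = basic_credentials(headers)
    if creds is None:
        return 401  # the server answers with a WWW-Authenticate challenge
    ok = hmac.compare_digest(":".join(creds).encode(), ":".join(expected).encode())
    return 200 if ok else 401


# Constructed sample data (hypothetical host and account).
TOKEN = base64.b64encode(b"alice:s3cret").decode("ascii")

# Request the browser sends after the PHP page called setcookie("Authorization", ...).
COOKIE_REQUEST = [("Host", "app.example.test"), ("Cookie", "Authorization=" + TOKEN)]
# Request the browser sends after the user has answered the Basic prompt.
HEADER_REQUEST = [("Host", "app.example.test"), ("Authorization", "Basic " + TOKEN)]

if __name__ == "__main__":
    print("cookie only:", respond(COOKIE_REQUEST))
    print("Authorization header:", respond(HEADER_REQUEST))
```

`WWW-Authenticate` is the server's challenge in a response and its `realm` is only a label, so sending it from the PHP page does not make the browser attach credentials to requests for the other subdomain.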