Fill Basic Auth Prompts (htaccess passwords)

In the Bitwarden Help Center I can read that Basic Auth prompts (such as htaccess passwords) will be automatically autofilled if there is only one login item with a matching URI.

This works for me (Firefox) in a strange way:

  • Open the relevant website
  • I am prompted for (htaccess-) username and password (Bitwarden does not autofill the credentials although there is only one matching login item)
  • I press [Esc] then refresh the page using [F5]
  • Now the website appears
  • It seems as if the credentials have been inserted invisibly, but only after having refreshed the page

My second question is: Let’s assume I want to login to the Back-End of a website. The Back-End is secured twice:

  • by a htaccess password
  • after having overcome this hurdle the website is asking for the Back-End username and password

How do you mange this? Bitwarden does not allow two logins for the same URL. But it is obviously necessary to have two logins in such cases.

It does allow two (and more). Create two vault entries and put the same URL on both.

The “name” of the vault entry can be whatever you want and it need not be unique. I’d suggest things like “website.com - backend” and “website.com - htaccess” so that you know which is which.

This is the normal and expected behavior. The “strange” part is that you need to press Esc and F5 for this to work.

There is a recent bug report on GitHub, which might be related. Please take a look, and submit your own observations there if you think the thread is relevant to your experience:

 

Is the URL for the page that triggers the Basic Auth prompt identical (character for character) to the URL for the “standard” (non-basic) login prompt? If not, you can solve the problem by using two separate vault items and strict URI match detection rules. If the two URLs are identical, then it will be difficult to solve the problem, because your Basic Auth login will stop working if there is a second vault item that matches. I might be able to suggest a work-around if that is the case — please let me know.

So the text in the Bitwarden Help Center is misleading?!

I now have two vault entries with the same URL on both. The names are as you suggested. The URL is exactly the same with the option «Default match detection». But now, my trick mentionned above [Esc] then [F5] does not work any more. As soon as I delete the second vault entry, I can press [Esc] then [F5] and the login page to the Back-End appears.

@crimle :

Evidently, @DenBesten was giving you information that is generally true, in response to a literal interpretation of your claim “Bitwarden does not allow two logins for the same URL” — of course, Bitwarden allows multiple login items with the same URL (and this is generally recommended when having multiple login credentials for the same site).

However, in the context of your broader issue, if you do have two or more items that match the same URL, then Basic Auth autofill will cease to function, as you’ve discovered (and as accurately documented in the Help Center).

I await your response to my comment above.

1 Like

Name, Username and Password are different, but URI 1 is 100% identical including the final /

Thank you very much!

Well, I would not mind if it was just autofill that does not work. In fact, when I manually select the respective item from Bitwarden password manager, there is a red error message «The fields on this page could not be filled in automatically. Copy and paste the information manually.»

OK, I have two work-around suggestions for you:

Approach 1

Keep the two sets of credentials in separate login items, but set the URI match detection for the back end login to “Never” (or simply delete the URI). To autofill the back end, search for the corresponding vault item (you may want to tailor the item name or use other SEO tricks to make it easier to search for), then open it and click the “Autofill” option from there (in the redesigned browser extension you will be able to autofill directly from the search results list, no need to open the item).

Approach 2

Us a single vault item, but define custom fields to hold the login credentials for the back end login form. By making the custom field names match one of the identifying attributes for the login form input fields, you should be able to autofill the back end login form as usual.

 

Let me know if one of these works for you!

Approach 1
Does not work or (to be precise) is so clumsy that I would say it is absolutely not manageable. The 1st prompt (the htaccess password) is still not autofilled and even cannot be filled manually. Error message «The fields on this page could not be filled in automatically. Copy and paste the information manually.»
The workaround with [Esc] and [F5] works after all. But then, when the Back-End login page appears, Bitwarden autofills the wrong credentials (the htaccess credentials instead of the Back-End credentials). This means that I would have to clear the two erroneously filled fields, look up manually the second vault item and manually copy/paste username and password in two separate operations.

Approach 2
Works basically but I still find it inconvenient. My colleagues are telling me that their password managers can handle this constellation without any trouble. They are using 1Password and RoboForm. I am reluctant to belief it and I would prefer to go on using Bitwarden.

I thought this did work for you (after pressing Esc and refreshing), per your top comment? What changed?

If it doesn’t work when the back end credentials are prevented from matching (by deleting the URI or setting URI matching to “Never” for the back end item), then it may be because of Issue 11719.

How so? If you enable autofill on page load for that item, then it should just log you in to both the front end and back end without any required action on your part. Or in case autofill on page load doesn’t work for some reason, you would just need to hit Ctrl+Shift+L and Enter.

I have no experience with those password managers, and I also don’t know what the technical limitations to Basic Auth autofill are (i.e., the reason why Bitwarden can only do an automatic autofill for Basic Auth — the need to autofill without user interaction is the reason why there can only be s single matching login item, but why are user interactions not allowed when doing Basic Auth?).

Would be nice to get a developer’s perspective on this, but they are quite busy, and don’t always monitor all discussions on the forum.


 

Edited to Add: Seems like some 1Password users are also having trouble with Basic Auth this year.

I am happy to announce, that I have kind of a solution that is acceptable for me.

Preparation

My first decision: begin from the scratch. So I deleted both items from my Bitwarden vault (the Back-End and the htaccess credentials.

Then I manually added the «htaccess» item using the [+] symbol on top. My settings here:
Name: «mywebsite.ch htaccess»
Username: the htaccess username
Password: the htaccess password
URI 1: the complete URL of by Back-End login page https://mywebsite.ch/backend
Option: Basic domain

Then I manually added the «Back-End» item using the [+] symbol on top. My settings here:
Name: «mywebsite.ch Back-End»
Username: the Back-End username
Password: the Back-End password
URI 1: the complete URL of by Back-End login page https://mywebsite.ch/backend (the same as for the first item)
Option: Default match detection

Finally I would like to mention, that in Bitwarden’s general settings, the option «Auto-fill when loading the page» is disabled. The reason for this: when I had this option enabled, I experienced a number of unwanted side effects as Bitwarden pasted my credentials into fields at every possible and impossible opportunity. For example, when I added a new user in the back-end, this new user suddenly had my username and password and this data was sent to the user by email. OMG!

Usage

The usage now is somewhat simple:

  • Open the relevant URL
  • as soon as I am prompted for the htaccess username and password, I press [Esc] then [F5] in order to refresh the page
  • Now the Back-End login fields appear
  • Bitwarden suggests two login items and I just need to select the item with the Back-End credentials

Many thanks for your patience and your appreciated help.

What is the setting of your Default URI Match Detection Rule?

Well, I am happy for you that this seems to work (for now), but this is counter to the documented and expected behavior, and I cannot reproduce it on my system. (The exception would be if your Default URI Match Detection happens to be set to “Never”, but I highly doubt that is the case).

Furthermore, as I mentioned in my original reply, the need for you to press Esc and F5 to autofill the Basic Auth prompt is also counter to the documented and expected behavior.

Nonetheless, I hope that your workaround continues to work for you.

What is the setting of your Default URI Match Detection Rule?
It is «Default match detection (recommended)»

Furthermore, as I mentioned in my original reply, the need for you to press Esc and F5 to autofill the Basic Auth prompt is also counter to the documented and expected behavior.
I am quite sure this is because the option «Auto-fill when loading the page» is disabled. I mentionned the reason for this above.

Nonetheless, I hope that your workaround continues to work for you.
Thank you. So do I :slight_smile:

Did you mean “Base domain (recommended)”? This would be the value set under Settings > Autofill > Additional Options, in the option labeled “Default URI Match Detection”.

Sorry, I mistranslated it from German. Here it says «Basis-Domain (empfohlen)».