Share this page 

Allow user:password in URLTag(s): Networking Security Common problems WinAPI/Registry


The following URL syntax is no longer supported in Internet Explorer or in Windows Explorer after you install the MS04-004 Cumulative Security Update for Internet Explorer (832894):
http(s)://username:password@server/resource.ext
This change in the default behavior is also implemented by security updates and service packs that were released after the 832894 security update.

By default, this new default behavior for handling user information in HTTP or HTTPS URLs applies only to Windows Explorer and Internet Explorer. To use this new behavior in other programs that host the Web browser control, create a DWORD value named SampleApp.exe, where SampleApp.exe is the name of the executable file that runs the program. Set the DWORD value's value data to 1 in one of the following registry keys.

  • For all users of the program, set the value in the following registry key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\
         Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
    
  • For the current user of the program only, set the value in the following registry key:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\
        Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
    

    To disable the new default behavior in Windows Explorer and Internet Explorer, create iexplore.exe and explorer.exe DWORD values in one of the following registry keys and set their value data to 0.

  • For all users of the program, set the value in the following registry key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\
          Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
    
  • For the current user of the program only, set the value in the following registry key:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\
          Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
    

    ref Microsoft Article ID : 834489