Displaying Password-Protected Pages in SuperPreview
By: Steven Schermerhorn, Expression Web
Expression Web Team Blog
I'm Steven Schermerhorn, one of the developers that worked on the SuperPreview program which is provided with Expression Web 3. Ever since we released the first
beta version of SuperPreview for Internet Explorer, the Expression Web team has received a lot of constructive
feedback about SuperPreview. One suggestion we frequently receive is to add support for password-protected web pages.
final 2009 version of SuperPreview supports only NTLM authentication, which is commonly used by sites on corporate intranets. Pages on networks that use NTLM authentication don’t require the user to login to view the pages; instead, they rely on the site visitor’s Windows login credentials. So if your computer is on the same network as the page that relies on NTLM authentication, you should have no problems opening the page in SuperPreview. (For in depth information about NTLM, see
If your page is on a network that uses any other type of user authentication, instead of displaying the page you specify, SuperPreview displays whatever page normally appears when a site visitor tries to view a password-protected page without logging into the site. For example, here’s how the URL for the Facebook group page for Microsoft Expression (
http://www.facebook.com/home.php?#/pages/Microsoft-Expression/25302165781) appears when you open it in SuperPreview:
If you are logged into Facebook, that same URL displays a very different page in Internet Explorer than what SuperPreview can display. We weren't able provide support for all other types of user authentication in time for this year's release. However, I have one suggestion that might help you work around this: enable debug access to the website you are developing. How you or your server admin enables debug access to the website all depends on your server's configuration, and I cannot document all scenarios here.
Once you've enabled debug access to your website, you can use SuperPreview to display your password-protected page by opening the URL using this syntax: http://www.example.com/default.php?user=joe, where http://www.example.com is your site's domain, default.php is the path to your page, and joe is a valid username.
This basic debug access isn't something we recommend for a live, publically accessible server environment. However, in that scenario you could also setup additional security for your debug environment, such as to allow requests from only a particular IP range or a specific port that isn't available outside your network. For what it's worth, I used this kind of debug environment in nearly every web application I developed in my former life as a web developer.
Hope this helps!