auto login remote site inner in iframe

Everything's possible. However the solution below is very insecure due to disclosure of access details to the remote page.

<form id="login" target="frame" method="post" action="http://remote.com/login">    <input type="hidden" name="username" value="login" />    <input type="hidden" name="password" value="pass" /></form><iframe id="frame" name="frame"></iframe><script type="text/javascript">    // submit the form into iframe for login into remote site    document.getElementById('login').submit();    // once you're logged in, change the source url (if needed)    var iframe = document.getElementById('frame');    iframe.onload = function() {        if (iframe.src != "http://remote.com/list") {            iframe.src = "http://remote.com/list";        }    }</script>

The values of username and password inputs are readable on the client side.

Here is my implementation for doing this. This does not solve the cross-domain issue though. For the cross-domain issue, you can try using jQuery's JSONP method (I haven't tried combining jQuery with this solution yet).

<iframe id="MyIFrame" width="400" height="400"></iframe><script type="text/javascript">    var iframeURL = 'http://mysite.com/path/applicationPage.aspx';    var iframeID = 'MyIFrame';    function loadIframe(){        //pre-authenticate        var req = new XMLHttpRequest();        req.open("POST",this.iframeURL, false, "username", "password"); //use POST to safely send combination        req.send(null); //here you can pass extra parameters through        //setiFrame's SRC attribute        var iFrameWin = document.getElementById(this.iframeID);        iFrameWin.src = this.iframeURL + "?extraParameters=true";    }    //onload, call loadIframe() function    loadIframe();   </script>

If you own the other site then you can try authentication through some token.

Pass an authorized token to url in the iframe.