Webmaster-Talk.com > Coding Talk > ASP Forum > .NET Programming Forum > ASP.NET: Passing Credentials from one site to another.

Reply
ASP.NET: Passing Credentials from one site to another.
Old 11-06-2009, 02:07 PM ASP.NET: Passing Credentials from one site to another.
mb2000inc's Avatar
Super Talker

Posts: 118
Name: Mark
Location: Ohio
Trades: 0
Talkupation: mb2000inc is on a distinguished road
Essentially what is going to happen, is our company (X) will host a login page for a program hosted on two other companie's servers (Y & Z).

If your credentials match up to one (Y) then you will be directed to that site. If your credentials match up to the other (X) then you will be directed to that site. Both of which will be loging you in by the credentials posted in the login form.

I thought of two ways to do this:

1) via query string (not the best idea)
2) via check box that says you are logging in to company (X) or company (Y)... then redirecting you to the appropriate location and passing the information by something like This:
Code:
Request.ServerVariables("HTTP_REFERER")
Do you think either of these would work? If so, how would I go about getting that connection between the sites?

This one has me baffled.
__________________
Need a vacation.
mb2000inc is offline
Reply With Quote
View Public Profile Visit mb2000inc's homepage!
 
 
When You Register, These Ads Go Away!
Old 11-06-2009, 02:24 PM Re: ASP.NET: Passing Credentials from one site to another.
chrishirst's Avatar
Super Moderator

Latest Blog Post:
A Simple DHTML Tabbed Interface
Posts: 22,198
Location: Blackpool. UK
Trades: 0
Talkupation: chrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond repute
It makes no difference what server technology you use, it is the HTT Procol that determines the how, and there is only two ways in HTTP of passing information between to disparate server entities.
Querystring (GET) and form data (POST).
__________________
Chris. ->> Links are advertising NOT optimising!! <<-
Growing old is mandatory - Growing up is optional
Code Samples | People Counting System | Bits & Bobs
chrishirst is online now
Reply With Quote
View Public Profile Visit chrishirst's homepage!
 
Old 11-06-2009, 02:47 PM Re: ASP.NET: Passing Credentials from one site to another.
mb2000inc's Avatar
Super Talker

Posts: 118
Name: Mark
Location: Ohio
Trades: 0
Talkupation: mb2000inc is on a distinguished road
Yeah, I get that. But what I'm asking is setting it up so that I can actually pass that information in the back end.

Ok, this is a quick mockup - forgive my photoshop skills - of what I'm trying to accomplish. Based on the credentials and which check box you choose... if you choose one, then the form's action would be to post to www.siteX.com/securelogin if you chose the other check box, the forms action would be to post to www.siteY.com/securelogin Do you catch my drift on that?


I'm sorry if I can't explain it right... I have a tendency not to do very well with that... as you've probably read before. What I'd like to do is figure out how to create the function that will tell the page that the form's method/action would be POST and which site it goes to for the action....

what are your thoughts?
__________________
Need a vacation.
Last edited by mb2000inc; 11-06-2009 at 02:49 PM..
mb2000inc is offline
Reply With Quote
View Public Profile Visit mb2000inc's homepage!
 
Old 11-06-2009, 04:32 PM Re: ASP.NET: Passing Credentials from one site to another.
mb2000inc's Avatar
Super Talker

Posts: 118
Name: Mark
Location: Ohio
Trades: 0
Talkupation: mb2000inc is on a distinguished road
Ok, so what about this....?
I go and POST the information but I want to re-write the form's action attribute... basically, I can tell the page that if a user logs in with their credentials, their directed to one site... if it returns invalid, then re-write the action that redirects the user to the other site....?

This would get rid of the check boxes and just handle everything behind the scenes...

Psuedo Code:
Code:
'first validate the form
IF the form validation is ok THEN
     form action = www.siteX.com/securelogin
     IF form action returns invalid login THEN
         form action = www.siteY.com/securelogin
     END IF
ELSE
      Use client script to popup a window that says that they are missing credentials
END IF
Do you think something like that would work?
Please let me know what you thoughts are....
__________________
Need a vacation.
Last edited by mb2000inc; 11-06-2009 at 04:33 PM..
mb2000inc is offline
Reply With Quote
View Public Profile Visit mb2000inc's homepage!
 
Old 11-06-2009, 05:53 PM Re: ASP.NET: Passing Credentials from one site to another.
chrishirst's Avatar
Super Moderator

Latest Blog Post:
A Simple DHTML Tabbed Interface
Posts: 22,198
Location: Blackpool. UK
Trades: 0
Talkupation: chrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond repute
Well your check boxes should be radio buttons.

Do I take that IF they have a company/merchant id they login to "premier" otherwise they login to "standard" ?

Or is there more to it?
__________________
Chris. ->> Links are advertising NOT optimising!! <<-
Growing old is mandatory - Growing up is optional
Code Samples | People Counting System | Bits & Bobs
chrishirst is online now
Reply With Quote
View Public Profile Visit chrishirst's homepage!
 
Old 11-12-2009, 02:32 PM Re: ASP.NET: Passing Credentials from one site to another.
mb2000inc's Avatar
Super Talker

Posts: 118
Name: Mark
Location: Ohio
Trades: 0
Talkupation: mb2000inc is on a distinguished road
Actually, both sites require those credentials... it's a matter of which one accepts what credentials.... don't know if that makes any sense.

They nixed my idea for the checkboxes and want it all to happen behind the scenes.... So, if a user logs in... the backend will direct the user to one site, and if it returns an error or invalid login, then the backend will redirect the user with the appropriate credentials to the next site, thus logging them in to that site.

I originally started with an onpageload event that looked for an error code
"request.querystring"

If it's null, then nothing... let the user log in.

If there's an error, post the data to the next site with those credentials.

(I'll work on correcting type-os and the proper redirects after I get the initial functionality working.)

I started dabbling with it in C# and came up with a solution, if I can just get it to "POST"... stepping through the code, I noticed that it's just passing over the code that tells it to "POST".

I'm pulling my hair out over this.
__________________
Need a vacation.
mb2000inc is offline
Reply With Quote
View Public Profile Visit mb2000inc's homepage!
 
Old 11-12-2009, 02:36 PM Re: ASP.NET: Passing Credentials from one site to another.
mb2000inc's Avatar
Super Talker

Posts: 118
Name: Mark
Location: Ohio
Trades: 0
Talkupation: mb2000inc is on a distinguished road
Here's the C# that I was playing with...
Code:
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text;
using System.Net;
using System.IO;
publicpartialclass_Default : System.Web.UI.Page
{
 
privatevoid OnPost1()
{
using (WebClient wc = newWebClient())
{
wc.Proxy = null;
System.Collections.Specialized.NameValueCollection data = new System.Collections.Specialized.NameValueCollection();
data.Add("CID", CID.Text);
data.Add("LoginID", LoginID.Text);
data.Add("LoginPasswd", LoginPasswd.Text);
//*******************************************************************************//
//what happens, is this part is completely ignored... the browser attempts to go // 
//to site and post the data - but does not actually do anything. //
//*******************************************************************************//
byte[] result = wc.UploadValues(http://www.siteX.com/login, "POST", data);
}
}
privatevoid OnPost2()
{
string strMerchID = Session["id"].ToString();
string strUserID = Session["log"].ToString();
string strPassword = Session["psw"].ToString();
using (WebClient wc = newWebClient())
{
wc.Proxy = null;
System.Collections.Specialized.NameValueCollection data = new System.Collections.Specialized.NameValueCollection();
data.Add("merchant_id", strMerchID);
data.Add("user_id", strUserID);
data.Add("password", strPassword);
byte[] result = wc.UploadValues(http://www.siteY.com/login, "POST", data);
}
}
protectedvoid Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
if (string.IsNullOrEmpty(Request.QueryString["err"]))
{
Div1.Visible = true;
Div2.Visible = false;
}
else
{
merchant_id.Text = (string)Session["id"];
user_id.Text = (string)Session["log"];
password.Text = (string)Session["psw"];
Div1.Visible = false;
Div2.Visible = true;
OnPost2();
}
}
}
protectedvoid Button1_Click(object sender, EventArgs e)
{
Session["id"] = CID.Text;
Session["log"] = LoginID.Text;
Session["psw"] = LoginPasswd.Text;
OnPost1();
}
}
Let me know your thoughts as soon as possible please...

<pointless-ness>I'm going to be completely bald by the weekend.... and my wife won't like that too much.... she likes my hair </pointless-ness>
__________________
Need a vacation.
Last edited by mb2000inc; 11-12-2009 at 02:42 PM..
mb2000inc is offline
Reply With Quote
View Public Profile Visit mb2000inc's homepage!
 
Old 11-13-2009, 10:18 AM Re: ASP.NET: Passing Credentials from one site to another.
mb2000inc's Avatar
Super Talker

Posts: 118
Name: Mark
Location: Ohio
Trades: 0
Talkupation: mb2000inc is on a distinguished road
Ok, new thought.... Sorry for the many many posts...
I'm just trying to work these things out as I go.

What about this...

TWO FORMS (one set as visible="false")
TWO Submit Buttons (one in the invisible form)
When the user logs in with the credentials that returns an error, the page_load function makes the second form visible and turns the first form invisible.... then automatically clicks the second button.

I started playing with that... and I can't figure out how to make that button submit.

I know the basic functionality of automatically clicking a button:
Code:

Button1_Click(Nothing, Nothing)
But I need something to tell that button how to submit the form.

Any thoughts?
__________________
Need a vacation.
mb2000inc is offline
Reply With Quote
View Public Profile Visit mb2000inc's homepage!
 
Old 11-16-2009, 04:19 PM Re: ASP.NET: Passing Credentials from one site to another.
mb2000inc's Avatar
Super Talker

Posts: 118
Name: Mark
Location: Ohio
Trades: 0
Talkupation: mb2000inc is on a distinguished road
Ok, so, what I'm doing is this...
on page load, the first thing that happens is I check for a querystring with an error code... if there isn't one present, then nothing... go about doing things normally with a button1_click event when the form is submitted... and storing the text box information in a cookie so that, when/if it returns an error code, the page load function is called...
Code:
ProtectedSub Button1_Click(ByVal sender AsObject, ByVal e As System.EventArgs) Handles Button1.Click
'declare variables
Dim strLID AsString = CID.Text
Dim strLOD AsString = LoginID.Text
Dim strPSW AsString = LoginPasswd.Text
'start a session and place a cookie on the user's machine!
Session("APLogin") = "login"
'create a cookie to place on the user's machine
Response.Cookies("APLogin")("LID") = strLID
Response.Cookies("APLogin")("LOD") = strLOD
Response.Cookies("APLogin")("PSW") = strPSW
Response.Cookies("APLogin").Expires = DateTime.Now.AddDays(1)
Dim UserCookie AsNew HttpCookie("Login")
UserCookie.Values("LID") = strLID
UserCookie.Values("LOD") = strLOD
UserCookie.Values("PSW") = strPSW
UserCookie.Expires = DateTime.Now.AddDays(1)
Response.Cookies.Add(UserCookie)
Dim strScript AsString = "<script language=JavaScript>"
strScript += "document.form1.action ='http://www.siteX.com/login';"
strScript += "document.form1.submit();"
strScript += "</script>"
If (Not ClientScript.IsStartupScriptRegistered("ClientScript")) Then
ClientScript.RegisterClientScriptBlock(Me.GetType(), "ClientScript", strScript)
EndIf
EndSub
If there is an error code returned in the querystring, then we're loading javascript function (on the server side) that tells the browser to submit a second form.

Code:
ProtectedSub Page_Load(ByVal sender AsObject, ByVal e As System.EventArgs) HandlesMe.Load
IfNot Page.IsPostBack Then
'Dim strCode As String
IfString.IsNullOrEmpty(Request.QueryString("err")) Then

form1.Visible = True
form2.Visible = False
Else
form1.Visible = False
form2.Visible = True

'request the cookies stored on the users machine
IfNot Request.Cookies("APLogin") IsNothingThen
merchant_id.Text = Server.HtmlEncode(Request.Cookies("APLogin")("LID"))
user_id.Text = Server.HtmlEncode(Request.Cookies("APLogin")("LOD"))
password.Text = Server.HtmlEncode(Request.Cookies("APLogin")("PSW"))
EndIf
Dim strScript AsString = "<script language=JavaScript>"
strScript += "document.form2.action ='http://www.siteY.com/login';"
strScript += "document.form2.submit();"
strScript += "</script>"
If (Not ClientScript.IsStartupScriptRegistered("ClientScript")) Then
ClientScript.RegisterClientScriptBlock(Me.GetType(), "ClientScript", strScript)
EndIf
EndIf
EndIf
EndSub
Currently, the issue is that the button1 function fires twice (while stepping through the code) and the page_load event goes through a postback for some reason...

What are your thoughts?

Please, I need to get this to work soon... my bosses are really getting pissy.
__________________
Need a vacation.
mb2000inc is offline
Reply With Quote
View Public Profile Visit mb2000inc's homepage!
 
Old 11-17-2009, 10:17 AM Re: ASP.NET: Passing Credentials from one site to another.
mb2000inc's Avatar
Super Talker

Posts: 118
Name: Mark
Location: Ohio
Trades: 0
Talkupation: mb2000inc is on a distinguished road
So, if anyone is watching... I have it working... to a point.

The problem that remains, is when it redirects to the second site... it doesn't pass the values of the second form (password).

I'm using this to populate the password with the value of the cookie:
Code:
IfNot Request.Cookies("APLogin") IsNothingThen
merchant_id.Text = Server.HtmlEncode(Request.Cookies("APLogin")("LID"))
user_id.Text = Server.HtmlEncode(Request.Cookies("APLogin")("LOD"))
'password.Text = Server.HtmlEncode(Request.Cookies("APLogin")("PSW"))
password.Attributes.Add("value", Server.HtmlEncode(Request.Cookies("APLogin")("PSW")))
EndIf
Any thoughts?
__________________
Need a vacation.
mb2000inc is offline
Reply With Quote
View Public Profile Visit mb2000inc's homepage!
 
Reply     « Reply to ASP.NET: Passing Credentials from one site to another.
 
Previous Thread | Next Thread Webmaster-Talk.com > Coding Talk > ASP Forum > .NET Programming Forum > ASP.NET: Passing Credentials from one site to another.

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Webmaster Resources Marketplace:
Software Development Company | Webhosting.UK.com | Text Link Brokers | Dedicated Server Hosting | Managed Hosting 


   
RSS Feed  Feeds: RSS   JS   XML
RSS Feed  Feeds for this forum: RSS   JS   XML

 



Page generated in 0.13952 seconds with 13 queries