CodeCharge Studio
search Register Login  

Visual PHP Web Development

Visually Create Internationalized Web Applications, Web Reports, Calendars, and more.
CodeCharge.com

YesSoftware Forums -> CodeCharge Studio -> .NET

 AutoFill in username and password in a Login Page

Print topic Send  topic

Author Message
GBGY
Posted: 04/10/2005, 6:43 AM

Hi, all

is it be possible to modify a Login page which transfer from other web site where the Login name and password is passing from the referred site

e.g I had logged in http://www.mysite1.com with username abc, password with abc and where I have a link in this site to redirect to http://www.mysite2.com/Login.asp?username=abc,password=abc then the Login page in http://www.mysite2.com/Login.aspx will automatic validate the request

If possible, please post code or how?

Many Thanks
rclayh

Posts: 8
Posted: 04/11/2005, 7:10 AM

It's not secure if you pass the login and password in the query string. It is possible to bypass the login page (or rather autologin) again only in an enviroment where security is lower priority. All you would have to do in CodeCharge is redirect them to any page in your site that requires a login. This will invoke the CCS login page. If I was doing it, I would probably set a couple of session variables login and password. Here is a code snippet I created in the Before Show page event.

'Pull the identity from the windows login
Dim CurrentUser as String = Web.HttpContext.Current.User.Identity.Name.ToString()
'End Pull Identity

If InStr(CurrentUser,"IUSR") Then
'They are not logged in as a specific user load the login form
Else
'Need to split the CurrentUser at the \
Dim myIndex as Integer = CurrentUser.IndexOf("\")
CurrentUser = CurrentUser.Remove(0,myIndex + 1)
Dim myUserPassword as String = Settings.conHelpDeskSQLDataAccessObject.ExecuteScalar("SELECT UserPassword FROM Personnel WHERE UserName='"& CurrentUser & "'").ToString

'Here is the code that bypasses actually having to login....
If DBUtility.CheckUser(CurrentUser, myUserPassword) Then
If Not(HttpContext.Current.Request("ret_link") is Nothing) Then
If Not(HttpContext.Current.Request("ret_link")="") Then
Response.Redirect(HttpContext.Current.Request("ret_link"))
End If
End If
End If
End If
'End snippet

In this snippet I'm assuming if they passed windows security they are OK and I'm just pulling their password from the database. I' m performing the same validation that CodeCharge's login button does and invoking the redirect back to the calling page.

No separate login required - if they passed windows security and they are in the user database they can use the app, no problem.

Hope this helps.

Clay
View profile  Send private message

Add new topic Subscribe to topic   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

PHP Reports

Visually create Web Reports in PHP, ASP, .NET, Java, Perl and ColdFusion.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright 2003-2004 by UltraApps.com  and YesSoftware, Inc.