.NET Forum / ASP.NET / General / June 2007
How to implement an automatic login function
Victor - 01 Apr 2007 23:55 GMT
Hi guys.
In my project, I am now using an ASP.NET login control and a customized membership provider to do the forms authentication. Now I want a function so that the user can skip the login form and be authenticated and logged in to the system automatically, based on the username and password already in the session. Is that possible to do? And how to do it?
Cheers Victor

Ben Rush - 02 Apr 2007 04:30 GMT
You should be able to use the authentication API from the FormsAuthentication class to add/revoke a cookie for sign in status easily. Have a look at this for example:
http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthentication.setauthcookie.aspx
Signature
~~~~~~~~~~~
Ben Rush
http://www.ben-rush.net/blog

> hi guys.
> In my project, now I am using a asp.net login control and a customized
[quoted text clipped - 5 lines]
> Cheers
> Victor

Steven Cheng[MSFT] - 02 Apr 2007 09:31 GMT
Hi Victor,
From your description, you want to add a function in code that can help automatically make a user logged in without interactive operation through the login page, correct?
As Ben has suggested, ASP.NET forms authentication provides an API for us to programmatically do the authentication and turn a user from unauthenticated to authenticated status. For example, the following two methods can help make the current user logged in (by passing a username and a boolean parameter):
#FormsAuthentication.RedirectFromLoginPage Method
http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthentication.redirectfromloginpage.aspx
#FormsAuthentication.SetAuthCookie Method
http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthentication.setauthcookie.aspx
BTW, I'm still wondering about your exact code logic and scenario in the application. As you said that the username/password is in the session, how will you store the username/password in session? A password should never be persisted in memory after login/authentication.
Anyway, if you have anything unclear or anything we missed, please feel free to post here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Steven Cheng[MSFT] - 05 Apr 2007 10:44 GMT
Hi Victor,
Have you made any progress or got any ideas on this issue, or did the suggestion in our previous message help? If you have any further questions on this, please feel free to post here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

RobGMiller - 05 Apr 2007 15:18 GMT
On Apr 5, 3:44 am, stch...@online.microsoft.com (Steven Cheng[MSFT]) wrote:
> Hi Victor,
>
[quoted text clipped - 9 lines]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.

I'm not sure if my issue is the same as Victor's, but I need to send the username and password via a post to the site's initial page so that the user can be authenticated as if he had used a login control but skip the login process altogether.
Ideally all this can be done so that the username and password are not sent in clear text. However, we are willing to use SSL if necessary.
How can a post request be fed to whatever class the login control feeds programmatically to obtain the same authenticated result?
Thanks,

Steven Cheng[MSFT] - 06 Apr 2007 04:27 GMT
Hi Rob,
Thanks for your input.
I think what you want to do is a bit different. What you want is something like a web client which programmatically sends an HTTP POST request with the login credentials and passes the login page at server-side, just like many web crawlers do, correct?
For programmatically posting HTTP form data (through the WebRequest component in .NET), here are some useful web links:
#ASP.NET: Post Data Programmatically with "Webscraping" http://www.developer.com/net/asp/article.php/3645506
#Programmatically Posting Data to ASP .NET Web Applications http://dndj.sys-con.com/read/45127.htm
#Https form post using Httpwebrequest brings back the same page. http://www.thescripts.com/forum/thread591965.html
Hope this helps.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

RobGMiller - 06 Apr 2007 06:04 GMT
On Apr 5, 9:27 pm, stch...@online.microsoft.com (Steven Cheng[MSFT]) wrote:
> Hi Rob,
>
[quoted text clipped - 23 lines]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for the reply Steven,
Unfortunately, this is not what I am after.
I am simply trying to simulate a normal login. At the moment the site uses the login control connected to the Membership class. Under a normal login the CurrentUser is associated with the current session and can be picked up on any page by Membership.GetUser(). As per your suggestion earlier in this thread I've been able to pass in the username and password via a post and authenticate using the following.

    If Membership.ValidateUser(UserName, Password) Then FormsAuthentication.RedirectFromLoginPage(UserName, True)

At least I think it authenticates because no error is returned but I can't really know for sure because I can pick up the current user name in the normal way as follows:

    Dim CurrentUser As MembershipUser = Membership.GetUser()
    Message.Text = "Login Successfull. User = " & CurrentUser.UserName

In this case Membership.GetUser() returns a null.
Regards,
RobGMiller
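
An added example (C#, not code from the thread) of the programmatic login discussed above: the parameterless Membership.GetUser() takes the user name from HttpContext.User, which is still the anonymous principal during the request that issues the cookie, so the user is looked up by name instead. The page class AutoLogin, the form field names UserName and Password, and the Message label are assumptions.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Hypothetical code-behind for the page that receives the POSTed credentials.
public partial class AutoLogin : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Accept credentials only from a POST body over SSL, never from the
        // query string, where they would end up in logs and browser history.
        if (Request.HttpMethod != "POST" || !Request.IsSecureConnection)
        {
            Response.StatusCode = 403;
            Response.End();
            return;
        }

        string userName = Request.Form["UserName"];   // assumed field name
        string password = Request.Form["Password"];   // assumed field name

        if (String.IsNullOrEmpty(userName) || String.IsNullOrEmpty(password) ||
            !Membership.ValidateUser(userName, password))
        {
            // Fall back to the interactive login form on any failure.
            FormsAuthentication.RedirectToLoginPage();
            return;
        }

        // Issue the forms-authentication ticket cookie. false = session cookie
        // rather than a persistent one. The password is not stored in Session.
        FormsAuthentication.SetAuthCookie(userName, false);

        // Context.User is replaced with the authenticated principal only when
        // the next request arrives carrying the cookie, so Membership.GetUser()
        // without arguments has no user name to work with here.
        MembershipUser current = Membership.GetUser(userName);

        // Message is an assumed Label declared in the .aspx markup.
        Message.Text = "Login successful. User = " +
                       Server.HtmlEncode(current.UserName);
    }
}
```

On the following request FormsAuthenticationModule rebuilds the principal from the cookie, and the parameterless Membership.GetUser() returns the user as usual.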

Steven Cheng[MSFT] - 10 Apr 2007 15:21 GMT
Hi Victor,
Have you got any further ideas on this issue? If there is anything else we can help with, please feel free to post here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

Subbu - 08 Jun 2007 15:45 GMT
I've to programmatically login to a third party web app (Tomcat/apache) and take the user to a landing page. I am able to programmatically login successfully but I am not able to redirect the browser to the landing page. If I look at the logs on Tomcat side, I see the cookies are getting lost somewhere even though I pass the cookies between successive requests. I would appreciate any comments or suggestions regarding how to take the user successfully to the landing page.

    // needs System.IO, System.Net, System.Text and System.Web
    string url = "http://10.112.60.86:8080/PCC/servlet/tpservlet";
    HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);

    CookieContainer CookieC = new CookieContainer();

    string data = String.Format(
        "USERID={0}&transactiontype={2}&FIID={3}&AUTHENTICATIONURL={4}&TARGET={5}",
        "DDBDB3099C5C04D36B91C0EA786C0996", "729E13B7AFB57796A30",
        "UserInqAuthActionBean", "1111",
        "http://atl50test2/CLKPCB/111111118/Site/TransfersPayments/opserror.asp",
        "BillPay.viewPayees");
    byte[] buffer = Encoding.UTF8.GetBytes(data);
    req.AllowAutoRedirect = false;
    req.KeepAlive = true;
    req.Method = "POST";
    req.ContentType = "application/x-www-form-urlencoded";
    req.ContentLength = buffer.Length;
    req.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)";

    req.CookieContainer = CookieC;

    Stream reqst = req.GetRequestStream();
    // add form data to request stream
    reqst.Write(buffer, 0, buffer.Length);
    reqst.Flush();
    reqst.Close();

    HttpWebResponse res = (HttpWebResponse)req.GetResponse();

    string landingpage = res.Headers["Location"];
    CookieC.Add(res.Cookies);

    foreach (Cookie cook in CookieC.GetCookies(req.RequestUri))
    {
        HttpCookie cookie = new HttpCookie(cook.Name);
        cookie.Name = cook.Name;
        cookie.Value = cook.Value;
        cookie.Domain = cook.Domain;
        cookie.Expires = cook.Expires;
        cookie.Path = cook.Path;
        cookie.Secure = cook.Secure;

        String str = String.Format("Name {0}: Value {1}: Domain {2}<BR>", cookie.Name, cookie.Value, cookie.Domain);

        HttpContext.Current.Response.AppendCookie(cookie);
    }
    // This statement fails
    HttpContext.Current.Response.Redirect(landingpage);

I have to do the similar thing like automatically login to a third party web

> Hi Victor,
>
[quoted text clipped - 8 lines]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.

Subbu - 08 Jun 2007 16:05 GMT
I am reposting my previous post with some correction:
I've to programmatically login to a third party web app (Tomcat/apache) and take the user to a landing page. I am able to programmatically login successfully but it takes me to the landing page but the third party app says my request is not authenticated. If I look at the logs on Tomcat side, I see the cookies are getting lost somewhere even though I pass the cookies between successive requests. I would appreciate any comments or suggestions regarding how to take the user successfully to the landing page.

    // needs System.IO, System.Net, System.Text and System.Web
    string url = "http://10.112.60.86:8080/PCC/servlet/tpservlet";
    HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);

    CookieContainer CookieC = new CookieContainer();

    string data = String.Format(
        "USERID={0}&transactiontype={2}&FIID={3}&AUTHENTICATIONURL={4}&TARGET={5}",
        "DDBDB3099C5C04D36B91C0EA786C0996", "729E13B7AFB57796A30",
        "UserInqAuthActionBean", "1111",
        "http://atl50test2/CLKPCB/111111118/Site/TransfersPayments/opserror.asp",
        "BillPay.viewPayees");
    byte[] buffer = Encoding.UTF8.GetBytes(data);
    req.AllowAutoRedirect = false;
    req.KeepAlive = true;
    req.Method = "POST";
    req.ContentType = "application/x-www-form-urlencoded";
    req.ContentLength = buffer.Length;
    req.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)";

    req.CookieContainer = CookieC;

    Stream reqst = req.GetRequestStream();
    // add form data to request stream
    reqst.Write(buffer, 0, buffer.Length);
    reqst.Flush();
    reqst.Close();

    HttpWebResponse res = (HttpWebResponse)req.GetResponse();

    string landingpage = res.Headers["Location"];
    CookieC.Add(res.Cookies);

    foreach (Cookie cook in CookieC.GetCookies(req.RequestUri))
    {
        HttpCookie cookie = new HttpCookie(cook.Name);
        cookie.Name = cook.Name;
        cookie.Value = cook.Value;
        cookie.Domain = cook.Domain;
        cookie.Expires = cook.Expires;
        cookie.Path = cook.Path;
        cookie.Secure = cook.Secure;

        String str = String.Format("Name {0}: Value {1}: Domain {2}<BR>", cookie.Name, cookie.Value, cookie.Domain);

        HttpContext.Current.Response.AppendCookie(cookie);
    }
    // This statement redirects to third party web server but it thinks that user is not authenticated
    Response.Redirect(landingpage);

> I've to programmatically login to a third party web app (Tomcat/apache) and
> take the user to a landing page. I am able to programatically login
[quoted text clipped - 74 lines]
> > > > This posting is provided "AS IS" with no warranties, and confers no rights.

Cowboy (Gregory A. Beamer) - 02 Apr 2007 14:09 GMT
I am not sure I understand you.
Do you mean:
1. User signed in once and has come back to the site? If so, set the persistence flag to true and the cookie will live on across all sessions.
2. User has signed in and is now surfing other pages? If so, you need to do nothing, as the user will be signed in.
3. User has signed into another site in your domain and you wish to allow him to hit all sites? If so, set the machine keys to the same value on all of your sites and call the cookie, explicitly, by the same name - all in config file. NOTE: You will not be able to switch stored session values from site to site.
4. You want certain users to be able to fake the login and be authenticated with another account? This can be done with the API, but how are you going to identify those users? Think this through carefully, as it is quite easy for a hacker to figure out he can use your site with querystrings, if that is your method of bypassing security. If you do not like the API, you can create MembershipUser objects and attach to an ongoing session. That will log them in, this time.
Signature
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com
*********************************************
Think outside the box!
*********************************************

> hi guys.
> In my project, now I am using a asp.net login control and a customized
[quoted text clipped - 5 lines]
> Cheers
> Victor