I am trying to achieve auto login with given credentials in the back while users can directly see a logged in web page so that they don't need to type or know the credentials. Is there a way to do this without any credentials show up in the URL from user's side?
If you only have a link to work with, this is not possible.
Related
Im currently connecting with a site which uses basic auth, and my url looks like http://username:password#mysite.com. It works, but everyone can see the password; Is there any method to hide it, by means of base64 or something similar?
This syntax is just a shortcut for the browser. Some browser will use this syntax to build the Authorization headers (some will not).
But. One thing is sure. You are giving the user+password to everyone. If your site use basic authentication, then you need to give the user and password information to your users, like in an email for example. Why would you add an authentication and then let everybody access the authenticated section?
HTTP Basic authentication is not very secure. But can be used to prevent indexation by bots, or with https. When you add this sort of (annoying) popup the users will have to enter the credentials, there is no other way. And the browser will record the credentials and add the same information (user+pass encoded in base64 -- which means is in clear text, no security--) for each page requested on your site until the browser is closed. So you do not need to add the credentials on the url, the browser will do it for you, after a first popup.
Can i log in to my Facebook account (Knowing user id and password), in the server using Facebook php-sdk, and without need to click any URL?
If yes, please explain.
It is against Facebook's Terms of Service to use a user's email address and password to login to their account. You should instead use the Facebook API to achieve this, but it requires manual login by a user.
There are ways of achieving automatic login using credentials, but since it's not allowed, I won't go into detail. Facebook also detects and prevents most of the common method of auto-login.
I have one situation. I create a website. Then I put a tab that will link to Facebook authorization login page. Can I pass login parameter(Email,Password) to the Facebook authorization login page?? So that the user can authorize the application without see the authorization login page.
Thanks.
No. You can't do that. It would require the user to give you their facebook password which obviously would be breaking all kinds of terms and conditions. This is what OAuth is for. Check out the documentation on authentication
Scenario: I have the membership provider setup and its currently pointing to a SQL database on my machine. The role based access works and I have a menu that is security trimmed. The user can only get to pages that they have access to.
Problem: When an anonymous user tries to get to a page that they dont have access to it brings them to a login page so that they can login. That is fine. But when a logged in user tries to get to a page they dont have access to(Usually by typing in a URL) it brings them to the login page again asking them to login(except there already logged in. I'd like to either take them to a different page or somehow tell them they don't have access. Any ideas/suggestions?
Thanks in advance
This is what I use. They point out that using <customErrors> won't work because of the way the 401 status gets changed and provide a solution.
I have dummy username and pasword to enter in linkedin. From an asp.net application, when the button is clicked i need to login automatically used the username and password in linkedIn.
How to do that?
Thanks
A direct (server to server) login is not possible. It wouldn't be nice to ask your users for their LinkedIn account and password.
You can implement OAuth between you (consumer) and LinkedIn (provider) and let the user log directly to LinkedIn. More info about this on:
http://developer.linkedin.com/docs/DOC-1008
By loading your destination URl into a Web-browser element and being redirected, .net would allow handling of the body html and auto click of the login for this.
Alternatively you can pass the header value with the request that would pass through auth - should last 2 days a time I believe.