I am running a DNN7.1 website. I have a regular website. I added a page which acts as login page for mobile users. I am using JQuery Mobile 1.3.2 on the mobile pages including this mobile login page. If the user navigates to that page and enters username and password, it works correctly and redirects them to the correct page sent on the url using a querystring, example:
http://localhost/Mobilelogin?url=http://localhost/somePage
it correctly redirects to
http://localhost/somePage
Now I want to add capability where user can directly send his username and password along with the url that he wants to navigate, the login page should authenticate using the username and password provided and once successful redirect it to the url (using asp.net Response.Redirect method), in the format
http://localhost/Mobilelogin?u=username&p=password&url=http://localhost/somePage
The issue is, it works fine if the user is not logged in but if he is already logged in and then uses the same url, (which has username and password) redirection doesn't work. I tried disabling the ajax using following code, as I read redirection and JQM doesn't work well.
$(document).on("mobileinit", function () {
$.extend($.mobile, {
linkBindingEnabled: false,
ajaxEnabled: false
});
});
But it still is not working. Can anyone please let me know what I need to do to make this work.
I tried debugging the login module, which is written in c#, when the user enters the url when not logged in, it calls the page load and hits the break point but when logged in and enters the url the break point is never hit. It looks like browser is not even contacting the server. I am new to JQM, I thought disabling the ajax globally will always hit the server to get the information. Is that not how it works? How can I make the redirection work in my case. Any help is greatly appreciated.
You need to be aware that by default, jQuery Mobile uses AJAX to load page content and does not "redirect" as per normal.
You should read the FAQ's as these provide useful information: -
http://view.jquerymobile.com/1.3.2/dist/demos/faq/
Specifically: -
.. it will only inject the contents of the response's body element (or
more specifically the data-role="page" element, if it's provided),
meaning nothing in the head of the page will be used
http://view.jquerymobile.com/1.3.2/dist/demos/faq/scripts-and-styles-not-loading.html
This might explain why your script doesn't execute, as if it's in the <head> it's not being loaded.
Related
When I use:
FormsAuthentication.SignOut()
FormsAuthentication.RedirectToLoginPage()
The URL will show a ReturnUrl string, is this normal? Is there a way to prevent this?
I could just use a response.redirect, but was wondering why it shows the Return URL also.
Thanks
This is used when a user requests a secure url, they are then redirected back to this page after authenticating.
Take a look at this resource, very useful. Forms Authentication
As for removing this part of the URL, I don't think this is possible (but I haven't looked into it since it's a useful feature). You often get links to things such as news articles. You don't mind re-authenticating, but if you were to then just go to a random home page, that would be annoying, the desired action would be to have the site automatically redirect to the page you initially requested.
Edit: Another reason besides a direct link that you need to authenticate for, could be a scenario where you're reading a multi-page article, you click next page and the session has expired. You're taken back to the login page, authenticate and then return to the page you were reading. It would be undesirable to return to the homepage for you to search for that article again.
The FormsAuthentication.RedirectToLoginPage() documentation states that this method is for when you want to redirect the user to the login page, for example if a user logs out and wants to log back in as somebody else.
The returnurl is so that they are returned to the page they started on after a successful login.
It sounds like if you want them to go to the home page or some other url then you shouldn't use FormsAuthentication.RedirectToLoginPage() here. A response.redirect would be a fine alternative in my view.
To answer your question, it doesn't seem that there is a way to disable the ReturnUrl and still use FormsAuthentication.RedirectToLoginPage().
HI Guys I have the same issue and I am looking to solve it. Here is detail I have two web sites WebsiteA and WebSiteB (WebsiteB is not in my control, A type of black box for me.).
Both websites have seprate login page
I have alist of users,password of websiteB which I stored in database.
I want a kind of common login page. If user is login to websiteA and he want to go to websiteB, he dont have to enter the login and password information again.
I can not touch the code of websiteB. it's alredy deployed and runing.
In websiteB in login form they have a Userid textbox and Password textbox and and a login Button. This butoon is not a submit button. It has a click event which calls a function to validate the user. it's not a simple post.
WebsiteB has one webpage which has different frames. After login sucessfull. The pages doesnt go to any other page it remain on the same page but load the different frame.
According to my knowledge. I can use httpwebrequest class. But faceing the following problem.
Can not click the button.
Response.Redirect does not work.
It seems that WebsiteB is not storing any thing in cookies as cookies always return me a empty string
I really appriciate if anyone can help me on it.
How Can I use response.Redirect . As when I redirect it shows me the same login page.
Without knowing how login works to site B I could not say for sure, but at some point, I'm sure there is a post with login information. My best guess at a solution would be try to imitate what site B does on login. Use firebug and watch what gets sent, and what is returned. You'll have to mimic this behavior.
It may be something like:
POST credentials to site B for verification, returns verification result.
If verification is good, use token from verification result to redirect to site B.
Again, without knowledge of site B, I could not say, but whatever it does, it likely does using normal http, thus you can probably duplicate it. That said, site B may forbid you from logging in by only accepting logins from certain URLs.
As for using the HttpWebRequest, I think you'll find you're better off just having a hidden form which you submit from site A.
A HttpWebRequest will execute on the server of WebsiteA. Even if you execute the correct HttpWebRequest POST to WebsiteB, you won't be able to pass that session cookie to the user's browser without also immediately redirecting to WebsiteB.
There are other single-sign-on techniques you may want to investigate - the approach you have described will not work.
HI I figure out . We can create a string of XML and the converting the string into bytes and then use the normal write function of HttpWebrequest to Write the XML.
Hi I am using IE7 and IE8 browser for running web appliction. I have login in the web application go on the next page. if have copy the url of the next page, and open new browser and paste url, then open directly next page. I mean my form authentication is not working. please help how to handle this issue.
I don't know enough about asp.net to give exact code, but your login page should create a new session if it isn't already created.
When the logic behind the authentication form verifies the username/password, it should set a session variable to mark the user as logged in.
Pages which require login should then check for that session variable, and redirect to the login page if not set.
Hope that helps!
My UI prototype requires me to show the sites login info all the time. Either I should show the usual username and password textbox or "you are logged in as". The last bit don't have to be secure, as it's only info to the user, nothing I will use server side. But the first part should send secure to the server.
It seems that I would have to use https for all pages on the site then. I would like to only use ssl for the things that are required to be secure.
One way is putting the login information into a https://../login.aspx and show it on my mainpage as an IFrame.
One disadvantage I can see is that the user won't know that https is being used, unless they read the IFrame src in the source code.
What do you think?
Are you using the built-in asp.net login controls or do you just use two textbox controls?
You could use your own form tag (not runat="server") with the action attribute set to "https://..." and just use two html input tags and a button to log on.
Again this wouldn't show the user that there credentials are secure when logging in.
Because of some recently discovered SSL attacks, it is always preferable to also put the logon form on a https:// page. Otherwise a hacked can intercept the http stream and change your form action from "https://..." to "http://..." and then sniff the credentials.
Another option would be to take advantage of the PostBackUrl property of the Button control.
You would need to create your own login LayoutTemplate to take advantage of this though. You would then be able to add the secure scheme to the current page URL, and set the PostBackUrl property of the submit button to that.
This would have a similar issues to your iFrame solution (the user wouldn't see the padlock symbols), however you would have the advantage that you wouldn't be using iFrames.
Another issue using an iFrame is the affects that they can have on the page:
They are a separate request, but can cause a block on the JavaScript PageLoad event firing.
The login form would only postback within the iFrame, so you'd need to refresh the parent page when the user is successfully logged in to remove it.
Additionally to that, errors would be returned in the iFrame, probably not leaving you much space for displaying the form as well, etc.
You've hit the major problems. You want the login, which needs to be on every page to use SSL, but you don't want the entire page to be SSL.
This is more of a business decision at this point than anything else. Would you rather your customers feel more secure about visiting your site, or do you want the login information present on every screen?
If you need to have both, you may need to also look at making your entire site SSL.
Currently building a site in ASP.NET MVC and have to integrate another site within it, in an IFrame. It is the wish of the client to have one login for both systems, so the user logs in in the parent site, and then are automatically authenticated on the IFramed site. Of course, if this were possible then it could be assumed that both sets of login credentials were the same. So, it there anyway this can be done easily?
Its worth noting that we don't have any real control over the IFramed site. Its basically a site that our client provide their customers for processing payments.
Thanks in advance!
(I suppose OpenID or WS*-Federation is out of the question?)
If the credentials are the same, couldn't you simply submit the credentials to the iframe before you submit your own login form?
Or if you want to check credentials first, then send them to your server, check return them back to the client as a javascript snippet that then does the iframe authentication. (But be aware you would be sending credentials back to the client as javascript.)
An example that might work for you:
Say your login Url is http://yourdomain/login and you also need to login to http://thirdparty/login
yourdomain/login wants two post variables "username" and "pwd" whereas thirdparty/login wants "uname" and "password".
Try to include jQuery in your project (there are ways to do it in javascript by itself, but you'll have to check what jQuery does in the background - but I strongly suggest not reinventing the wheel if you don't have to).
// this is the jQuery startup function, called once the page is loaded
$(function()
{
// register an event for the form submit
$("form[#action*='login']").submit(function(event){
// get username and pwd from the form
var _user = $("#username").val();
var _password = $("#pwd").val();
// and submit to the second login page
$.post("http://thirdparty/login", { user: _user, password: _password } );
// once the method returns and you don't do return false then the login form will be submitted as usual.
});
});
There may be one issue here that is that you are posting to a different url than the server that served the page. This may not be allowed, but you could bypass it by sending the post action of the original login page to the thirdparty page and login to your own system using the code above.
Reference:
JQuery Post: http://docs.jquery.com/Ajax/jQuery.post
JQuery Intercept Form Submit: http://blog.james-carr.org/2008/01/17/jquery-binding-submit-on-a-forms-action-attribute/