I am creating a dashboard which uses a few iframes to bring in Solarwinds data. The problem righ now is that, everytime I load the iframe I have to type in the username and password and manually login.
Is there a way to do this by passing userid and password into the URL. The URL that my iframe calls to load the Solarwinds data is:
"http://myserver/Orion/DetachResource.aspx?ResourceID=XXXX&NetObject="
Note: xxxx = a 4 digit Resource ID
Yes, this is possible, but it will expose the password to anyone who views your dashboard since it will be right there in the source code as well as anyone watching network traffic or able to poke around the browser cache. If this is not something you are concerned about in your environment, you can include the credentials in the URL with the AccountID and Password query string parameters. Like this:
http://myserver/Orion/DetachResource.aspx?ResourceID=XXXX&NetObject=&AccountID=guest&Password=NotASecretAnymore
Related
Im currently connecting with a site which uses basic auth, and my url looks like http://username:password#mysite.com. It works, but everyone can see the password; Is there any method to hide it, by means of base64 or something similar?
This syntax is just a shortcut for the browser. Some browser will use this syntax to build the Authorization headers (some will not).
But. One thing is sure. You are giving the user+password to everyone. If your site use basic authentication, then you need to give the user and password information to your users, like in an email for example. Why would you add an authentication and then let everybody access the authenticated section?
HTTP Basic authentication is not very secure. But can be used to prevent indexation by bots, or with https. When you add this sort of (annoying) popup the users will have to enter the credentials, there is no other way. And the browser will record the credentials and add the same information (user+pass encoded in base64 -- which means is in clear text, no security--) for each page requested on your site until the browser is closed. So you do not need to add the credentials on the url, the browser will do it for you, after a first popup.
i'm making a scraper system... it's a challange by my teacher.
The idea is make a mobile app to do and store a class register, this way make possible to the teacher do your job into your smartphone and upload this data later.
We dont have access to college system, but we are imagining this scenario:
The App receive the data like Username and Password through your own graphic interface and make a login request to College WebSite simulating a human user.
The problem is know how to pass the login data by POST into the system... because the URL doesn't show the parameter entries like:
http://website.com/login.php?name=user
I'm looking for some idea... that help me to see the login parameters used in the browser request on the login process, after that i wanna try to loggin into the system by using URL parameters if possible or some other way.
the website is:
https://www.sigacentropaulasouza.com.br/fatec/login.aspx
UPDATED!!!
i'd a firebug installation into my browser and i saw something interesting in the Network Console of this plugin:
In the header, i saw something like:
Refer = https://www.sigacentropaulasouza.com.br/fatec/login.aspx?MyUserName,MyPassWord
so... i've trying to access my profile page by passing this URL into my browser.
Without Success!
I think... because this page uses the HTTPS probably?!
Any idea?
I am interested to detect the email client or website a new user of my site is redirected from. For instance, if he was redirected from Gmail.com (by clicking a link in one of his email there) I would like to track that.
If I need to manipulate the links leading to my website somehow I can do that.
I know there is a way to do that cause I have seen many sites and services doing it but I would like to find out how. I can track the user agent but this tells me nothing about the site or email client.
You must use QueryStrings for this purpose. For example the link that sends the user to your site must be like this www.yourwebsite.com/default.aspx?sender="googleMail"
You can get this using the code shown below when your default.aspx page loads
if(Request.QueryString["sender"]!=null)
{
string Sender=Request.QueryString["sender"].ToString();
}
You can set different Querystrings like
www.yourwebsite.com/default.aspx?sender="googleMail"
www.yourwebsite.com/default.aspx?sender="YahooMail"
www.yourwebsite.com/default.aspx?sender="googleAdsense"
There are methods to trace the users Browser, IP address etc. But to trace this you must adopt the above method.
HI Guys I have the same issue and I am looking to solve it. Here is detail I have two web sites WebsiteA and WebSiteB (WebsiteB is not in my control, A type of black box for me.).
Both websites have seprate login page
I have alist of users,password of websiteB which I stored in database.
I want a kind of common login page. If user is login to websiteA and he want to go to websiteB, he dont have to enter the login and password information again.
I can not touch the code of websiteB. it's alredy deployed and runing.
In websiteB in login form they have a Userid textbox and Password textbox and and a login Button. This butoon is not a submit button. It has a click event which calls a function to validate the user. it's not a simple post.
WebsiteB has one webpage which has different frames. After login sucessfull. The pages doesnt go to any other page it remain on the same page but load the different frame.
According to my knowledge. I can use httpwebrequest class. But faceing the following problem.
Can not click the button.
Response.Redirect does not work.
It seems that WebsiteB is not storing any thing in cookies as cookies always return me a empty string
I really appriciate if anyone can help me on it.
How Can I use response.Redirect . As when I redirect it shows me the same login page.
Without knowing how login works to site B I could not say for sure, but at some point, I'm sure there is a post with login information. My best guess at a solution would be try to imitate what site B does on login. Use firebug and watch what gets sent, and what is returned. You'll have to mimic this behavior.
It may be something like:
POST credentials to site B for verification, returns verification result.
If verification is good, use token from verification result to redirect to site B.
Again, without knowledge of site B, I could not say, but whatever it does, it likely does using normal http, thus you can probably duplicate it. That said, site B may forbid you from logging in by only accepting logins from certain URLs.
As for using the HttpWebRequest, I think you'll find you're better off just having a hidden form which you submit from site A.
A HttpWebRequest will execute on the server of WebsiteA. Even if you execute the correct HttpWebRequest POST to WebsiteB, you won't be able to pass that session cookie to the user's browser without also immediately redirecting to WebsiteB.
There are other single-sign-on techniques you may want to investigate - the approach you have described will not work.
HI I figure out . We can create a string of XML and the converting the string into bytes and then use the normal write function of HttpWebrequest to Write the XML.
I have a contact us form in our website which would send out an email to the site admin when submitted. I would like to know from which site the user has landed onto this page and how many unique users have come here and such things... I have used Google Analytics but it sends out only information on the adword that the user has clicked. I would like to know from which site and from the user came in so that I can add this referring site when email is being sent to the site admin.
I am guessing that the referring site will always have some URL manipulation to redirect here so how can i grab that URL? or is there any other better way to achieve this?
Does the environment variable HTTP_REFERRER give what you want?
You can can begin collecting this data without adding any javascript to your Site's pages, using your server's access logs. If your server is Apache, then as long as you set your config file to record data to your access log in the Combined Log Format, then you are already collecting referrer (i.e., this is one of two additional fields appended to each line in the logfile when you specify the Combined Log Format versus the (default) Common Log Format, the other field is the user agent; both 'referer' and user-agent are taken from the respective HTTP request headers).
Another advantage of this method is that if you have been logging using the Combined Log Format, then you also have the data you want going back in time, as far back as you archive your logfiles.