We have third party applications I need to link from my application. Where for those third part web sites I have user name and password with us (They are public websites). When the user click on those links we need to prefill user name and password and submit the form. Like single sign on kind of experience for the user. Is anyone tried doing this how we can do it. We need to open the web page with in Iframe or with in DEV ?
ASP.NET, Jquery and Java Script our platform.
I ended up getting the login page into my project and towards the end with jquery I posted the form filling the the user name and password. Not good solution but it works well
Related
I have a Website written in Asp.Net MVC.
I have been getting strange requests to my website which I think is a Hacking attempt but I'm clueless at what is being tried.
The requests are like this, but vary in length.
/Account/Login?returnUrl=%2FAccount%2FLogin%3FreturnUrl%3D%252FAccount%252FLogin%253FreturnUrl%253D%25252FAccount%25252FLogin%25253FreturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FreturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FreturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FreturnUrl%25252525253D%2525252525252FMembers%2525252525252FMemberInfo%2525252525252FDaddyPat
/Account/Login?returnUrl=%2FAccount%2FLogin%3FreturnUrl%3D%252FAccount%252FLogin%253FreturnUrl%253D%25252FAccount%25252FLogin%25253FreturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FreturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FreturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FreturnUrl%25252525253D%2525252525252FMembers%2525252525252FMemberInfo%2525252525252FCumberdum
/Account/Login?returnUrl=%2FAccount%2FLogin%3FreturnUrl%3D%252FAccount%252FLogin%253FreturnUrl%253D%25252FAccount%25252FLogin%25253FreturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FreturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FreturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FreturnUrl%25252525253D%2525252525252FMembers%2525252525252FOrgInfo%2525252525252FCGG
I'm not supporting normal login with name and password but only showing a button which allows you to login with steam using the openid.
When I open the link myself it just takes me to the login page and does nothing. Is the bot just stopping as I do not have a Name and Password input boxes?
hi i would like to know how would you lougout an user if he modifies the url or refreshes the web pages like in bank web sites
in asp .net.
Thanks for your answers
I have implemented a solution similar to Vignesh Kumar's answer by using roles and restricting access to pages based on the roles a user has. When a user logs in I check which pages they can access based on their assigned roles and build the navigation menu accordingly so that they're not able to navigate to restricted pages.
In my master page's Page_Load method I check whether a user has access to the page they're trying to access and if not I log them out and redirect them to the login screen.
I am attempting to add the Html.AntiForgeryToken() to the login form of a MVC3 site. This form is on every page of the site. I have noticed that if the user opens multiple tabs on the site, and then goes back to an old tab and submits the login form, the tokens on the other tabs become invalid, even when using salt. Is there any way to work around this?
This is just one example, there are other forms on the site that users seem to be opening multiple tabs to.
We have same issue on our e-commerce websites.
In my situation user can put things to his basket without logging in. But after opening several tabs without logging in, user decides to login and tries to add all products after logging in in one tab and that's where error lies.
So I decided to put a get on this pages just before submitting the form to get a new AntiForgeryToken.
I created a new partial view with only Html.AntiForgeryToekn in it and calling it via AJAX before submitting the form. And replace __RequestVarificationToekn value on form with the new one.
I Hope this solves the issue for you.
Are you using FormsAuthentication to login? If yes then the same token instance is being shared across multiple tabs while logging in, and hence all users with existing cookies will run into trouble. To work around this, please follow this post for further help
MVC-ANTIFORGERY-TOKEN
I have to create a simple ASP login page. We're not using Windows authentication or anything like that. The project is a conversion from a legacy VB6 program. Login accounts and passwords are stored in a SQL table, not the way to do it, but it is what it is. I can call the old login functions and redirect the window based on the return values.
Is there a decent-looking login form out there I could use? I tried the login control in the toolbox, but that thing seems to be married to Windows authentication.
I really just need an empty control that looks good. Any ideas?
Thanks,
Jason
Google for "Login Templates".. artfans.info/login-page-template-tag-style – Nikhil Bhandari
Dear Experts,
I'm working with visual studio 2010
I’ve put a login component on my page, and defined users and roles in the asp.net web application administration
I don’t know why, but it’s not working, it’s not redirecting to the start page
It verifies the right and wrong passwords, and once it’s correct user name and password it doesn’t redirect… it just refresh the page and do nothing
Now, I thought I could debug step by step to know where it goes wrone, but since there is no code written , I don’t know where to put the breakpoint… that is my question
Please can you help me
.
If the login is succesful, to redirect the user to another page you should use the DestinationPageUrl property of the login control.