Forms Authentication issue with WebBrowser Class in asp.net - asp.net

I am developing a site and in this site i m building a functionality to capture a screen shot of a page. In my site i am using forms authentication.now first of all.
So when user login to the website he/she has to enter the credentials and then go to their profile page.
So now i am just creating a thumbnail of the user profile page using WebBrowser Control but the problem is , i m using forms authentication and it's always capture the login forms page because of forms authentication.
So Please help me ASAP.

In that case you will need to perform login programtically for forms authentication. Here is the piece of code which will be required.
FormsAuthentication.SetAuthCookie(UserName, false);
And here is more info
http://weblogs.asp.net/joseguay/archive/2009/03/23/the-asp-net-capsule-2-login-programmatically-with-forms-authentication.aspx.
However, be aware that the code you are using for creation of screenshot might not go well with it. So take care of this. These posts might help you in that case Send credentials to WebBrowser

You have to simulate forms authentication via WebBrowser control - essentially, use document object model (Document property) to locate user name/password input boxes, set their values and trigger submit (either inject java-script to do form submit OR use DOM to simulate login button click).
IMO, better way would be to use WebRequest (HttpWebRequest) to simulate the POST to login page to do authentication and then issue request to user profile page. Get the page html(from response) and load it in Web Browser control using DocumentText property.
In case, you have control over the server site, you may modify user profile page to allow un-authenticated access over certain requests (for example, from local machine or specified IP etc).

Related

How to pass login userid to all pages when i redirect to any page by clicking menu

I am creating a customer module in asp.net website project. i developed login page and from login page i am entering to customer home page. here i am giving menu items like
customerprofile
2.customerpurchased items
3.customervieweditems
4.customerbiilingpage like
here for every page i need used login id that should come directly in pageload.
please any one help me how to pass login user id to above 4 pages.
You should look into authentication for this site. Search on FormsAuthentication using a FormsAuthenticationTicket, or use the newer Memebership and Roles functionality. Do this properly and you really don't "pass" the login aroun, you read it from the HttpContext.Current.User.Identity container.
why not you use Session ? Session is the best case for your scenario. or if you wanted to use Authentication mechanism, then Go for Membership Provider, FormsAuthentication. How To Implement Simple Forms Authentication
Session["UserID"]=yourUseID;
to retreive
var userID=Session["UserID"].ToStrin();

how to handle form authentication in IE7&IE8

Hi I am using IE7 and IE8 browser for running web appliction. I have login in the web application go on the next page. if have copy the url of the next page, and open new browser and paste url, then open directly next page. I mean my form authentication is not working. please help how to handle this issue.
I don't know enough about asp.net to give exact code, but your login page should create a new session if it isn't already created.
When the logic behind the authentication form verifies the username/password, it should set a session variable to mark the user as logged in.
Pages which require login should then check for that session variable, and redirect to the login page if not set.
Hope that helps!

Open protected web page passing in credentials programmatically

I have code examples from some of my previous work that help me to post form values to a web page (login credentials) and retrieve the text from that page. Now I want to pass in form values (login credentials again) but actually open that web page in a browser given those credentials.
How do I do that? I'm not doing anything nefarious. In our CRM app (home-grown as it is), I want to create a link button that opens our web site's protected products page given the user's credentials (based on the user's login credentials). Normally, I'd copy the user's credentials in our login page which then takes me to the products page. I'm trying to do this now by just clicking a link button.
Any suggestions?
How are you launching the browser? Is this an internal network app? If so, I would recommend using Windows Authentication for your ASP.NET app, and then you don't have to worry about passing credentials. If you can't do that, then you'll probably have to pass the credentials on the querystring generated by your CRM app. Obviously, this is a huge security risk. But the next step would be to perform your internal authentication and then call FormsAuthencation.RedirectFromLoginPage or FormsAuthentication.SetAuthCookie().

Aspx Page Level windows authentication?

I have a document approval workflow application. The workflow sends emails to appropriate users with links for Accept/Reject the document.
When the user clicks on Accept or reject link, an aspx page is shown, where he can type a comment and submit.
Now the question is I want Windows Authentication on this aspx page. If the user is authenticated I want its Userid to be checked against database if his role/profile has priveledge to view the page.
How should I achieve this?
If the whole thing is internal (within your organization) then simply use Windows Authentication on the website. Other wise you have to mix Forms and Windows Authentication on the site. Here is an MSDN article about this.
Once authentication is wired up you can access the user's identity using static
System.Security.Principal.IIdentity user = Page.User.Identity;
property. It contains IsAuthenticated and AuthenticationType properties which you can put to use.

Partial site SSL using asp.net login control

I'm attempting to convert a home-grown login system to the standard asp.net login control included in .net. I want all communication on the website for a user not logged in to be in clear text, but lock everything in SSL once the user logs in - including the transmission of the username and password.
I had this working before by loading a second page - "loginaction.aspx" - with a https: prefix, then pulling out the username and password by looking for the proper textbox controls in Request.Form.Keys. Is there a way to do something similar using the .net login controls? I dont want to have a seperate login page, but rather include this control (within a loginview) on every page on the site.
You're not going to be able to do what you're talking about simply, because the postback (which is what the login control uses) is going to be whatever the page's security is (SSL or non-SSL).
Your best bet in this scenario is to use an IFRAME which contains an HTTPS (SSL) page that just contains thelogin control. You might have to redirect to another page after login that lets you jump out of the IFRAME.
Plan B would be to have a separate form on the page (outside your main FORM) which has the ACTION property point to another page where you handle the login. You will have to roll your your own login code to handle the forms authentication.
I was able to accomplish this by adding an OnClientClick event to the login button control and set it to the following javascript function.
`
function forceSSLSubmit()
{
var strAction = document.forms[0].action.toString();
if (strAction.toLowerCase().indexOf("http:") == 0) {
strAction = "https" + strAction.substring(4);
document.forms[0].action = strAction;
}
}
`
You aren't going to be able to have your site as non-SSL, with a login box on every page, and then submit the username and password via SSL.
The only way to really accomplish this is to use frames of some sort. This way your entire page could be non-SSL, but the login frame would have to be SSL.
The usual ways of doing this is to either lock down the entire site with SSL, don't worry about having the username and password SSL encrypted and go to SSL after they log in, or go the frame route I mentioned above.

Resources