Open protected web page passing in credentials programmatically - asp.net

I have code examples from some of my previous work that help me to post form values to a web page (login credentials) and retrieve the text from that page. Now I want to pass in form values (login credentials again) but actually open that web page in a browser given those credentials.
How do I do that? I'm not doing anything nefarious. In our CRM app (home-grown as it is), I want to create a link button that opens our web site's protected products page given the user's credentials (based on the user's login credentials). Normally, I'd copy the user's credentials in our login page which then takes me to the products page. I'm trying to do this now by just clicking a link button.
Any suggestions?

How are you launching the browser? Is this an internal network app? If so, I would recommend using Windows Authentication for your ASP.NET app, and then you don't have to worry about passing credentials. If you can't do that, then you'll probably have to pass the credentials on the querystring generated by your CRM app. Obviously, this is a huge security risk. But the next step would be to perform your internal authentication and then call FormsAuthencation.RedirectFromLoginPage or FormsAuthentication.SetAuthCookie().

Related

How can I programmatically log into an ASP.NET website that uses Forms authentication?

I'm trying to automate testing of an ASP.NET (not MVC) website that uses Forms authentication.
I want to simulate what happens when a user submits a particular form; to do this, my code can POST to the corresponding URL - but that won't work unless my code can first log in as my test user.
I've tried posting to the LogOn page (supplying a suitable username and password), but this fails - and I think it fails because the website uses ASP.NET event validation. (If I use Fiddler to watch what's sent to and from the browser, there's an __EVENTVALIDATION hidden form item).
I'm guessing that I'll need to visit the login page once, get the __EVENTVALIDATION value, and include that when I post the username and password to the LogOn page?
Is that all I need to do, or is spoofing a Forms-authentication-based website a non-starter?
Well, in case it helps anyone else, I was able to get this working by issuing a GET request to the LogOn page, extracting the values of the __EVENTVALIDATION, __VIEWSTATE and __VIEWSTATEENCRYPTED hidden form fields from the returned HTML, and then POSTing those values back to the LogOn page along with the rest of my form values (user name and password).
I'm using a single instance of HttpClient throughout, so the ASP.NET session cookie is preserved between requests.

how to call an application from another application by validating credentials

i have 2 web applications 1) webgrants 2)Reports this is to view reports
We provide a link to Reports app in webgrants.Once the users logs into Webgrants and clicks on the Reports link he will be redirected to Home page in reports app.
The Reports app can be accessed directly and from webgrants app, so my question is how do we know whether the user is coming from webgrants or accessing directly.
I am thinking of using session when he comes from webgrants i wants to check if session exists if it is null redirect to login page else to home page ... is this is good approach or any best way ????????
You'd be better off using forms authentication and setting it to work across apps. that way a user logged in on one app will be also logged in on the other. You can then use roles authorization to work out if they are allowed to do that.
Simon

Forms Authentication issue with WebBrowser Class in asp.net

I am developing a site and in this site i m building a functionality to capture a screen shot of a page. In my site i am using forms authentication.now first of all.
So when user login to the website he/she has to enter the credentials and then go to their profile page.
So now i am just creating a thumbnail of the user profile page using WebBrowser Control but the problem is , i m using forms authentication and it's always capture the login forms page because of forms authentication.
So Please help me ASAP.
In that case you will need to perform login programtically for forms authentication. Here is the piece of code which will be required.
FormsAuthentication.SetAuthCookie(UserName, false);
And here is more info
http://weblogs.asp.net/joseguay/archive/2009/03/23/the-asp-net-capsule-2-login-programmatically-with-forms-authentication.aspx.
However, be aware that the code you are using for creation of screenshot might not go well with it. So take care of this. These posts might help you in that case Send credentials to WebBrowser
You have to simulate forms authentication via WebBrowser control - essentially, use document object model (Document property) to locate user name/password input boxes, set their values and trigger submit (either inject java-script to do form submit OR use DOM to simulate login button click).
IMO, better way would be to use WebRequest (HttpWebRequest) to simulate the POST to login page to do authentication and then issue request to user profile page. Get the page html(from response) and load it in Web Browser control using DocumentText property.
In case, you have control over the server site, you may modify user profile page to allow un-authenticated access over certain requests (for example, from local machine or specified IP etc).

how to handle form authentication in IE7&IE8

Hi I am using IE7 and IE8 browser for running web appliction. I have login in the web application go on the next page. if have copy the url of the next page, and open new browser and paste url, then open directly next page. I mean my form authentication is not working. please help how to handle this issue.
I don't know enough about asp.net to give exact code, but your login page should create a new session if it isn't already created.
When the logic behind the authentication form verifies the username/password, it should set a session variable to mark the user as logged in.
Pages which require login should then check for that session variable, and redirect to the login page if not set.
Hope that helps!

Aspx Page Level windows authentication?

I have a document approval workflow application. The workflow sends emails to appropriate users with links for Accept/Reject the document.
When the user clicks on Accept or reject link, an aspx page is shown, where he can type a comment and submit.
Now the question is I want Windows Authentication on this aspx page. If the user is authenticated I want its Userid to be checked against database if his role/profile has priveledge to view the page.
How should I achieve this?
If the whole thing is internal (within your organization) then simply use Windows Authentication on the website. Other wise you have to mix Forms and Windows Authentication on the site. Here is an MSDN article about this.
Once authentication is wired up you can access the user's identity using static
System.Security.Principal.IIdentity user = Page.User.Identity;
property. It contains IsAuthenticated and AuthenticationType properties which you can put to use.

Resources