Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Professional
| Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
  #1 (permalink)  
Old September 19th, 2006, 04:43 PM
Authorized User
 
Join Date: Apr 2005
Location: Spanish Fork, UT, USA.
Posts: 19
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to DudeBori82 Send a message via MSN to DudeBori82
Default Returning a custom WebResponse to the browser

I have an application that tries to access another applications login page that requires username and password variables sent by post. I want to automate this, so as to not make the user login twice. I realize I could write those two variables to hidden fields and then force a submission, but there are is a security liability that the values are left open for any one to see (even if it's for a matter of seconds. Here's the code I have so far, but I don't know how to move the WebResponse that I get to the current response object, so that the user is in a sense "redirected" to the new page.

Code:
        string sParams = "username=" + sID + "&password=" + sPassword;
        string sUrl = "https://******************.com/index.cfm?view=login&cobrand=*****&lang=en";

        System.Net.WebRequest req = System.Net.WebRequest.Create(sUrl);
        req.Method = "POST";

        byte[] bytes = System.Text.Encoding.ASCII.GetBytes(sParams);

        req.ContentLength = bytes.Length;

        System.IO.Stream os = req.GetRequestStream();
        os.Write(bytes, 0, bytes.Length);
        os.Close();

        System.Net.WebResponse resp = req.GetResponse();
I get the response, but how do set the current response to the one I generated?

Troubleshooting life: 1 bug at a time.
__________________
Troubleshooting life: 1 bug at a time.
  #2 (permalink)  
Old September 20th, 2006, 09:52 AM
Authorized User
 
Join Date: Apr 2005
Location: Spanish Fork, UT, USA.
Posts: 19
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to DudeBori82 Send a message via MSN to DudeBori82
Default

Due to the high amount of replies to this post (sarcasm), I'm wondering if this is the solution. Let me better state the scenario. I have an application that lets customers login and manage their account. We also have a seperate company that offers a service to our customers through our company. I'd like for users to be able to login to our application and click a button called "Manage The "Other" Account" and it open a new window and redirect that new window to the other companies sight, with the user logged in automatically. The problem is "index.cfm" of the other company requires "username" and "password" sent to the page via post in order to log them in automatically. Any suggestions?

Troubleshooting life: 1 bug at a time.
  #3 (permalink)  
Old September 20th, 2006, 04:46 PM
Friend of Wrox
 
Join Date: Feb 2006
Location: , , USA.
Posts: 116
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Question for my own curiosity: does their website and your website use the same passwords with the same hash key or something? How does that work without compromising security?

Neil Timmerman
Programmer
Veris Consulting
  #4 (permalink)  
Old September 22nd, 2006, 10:59 AM
Authorized User
 
Join Date: Sep 2006
Location: , , .
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Default

dudebori
iam also looking for this..pls let me know if u got that one


surya

  #5 (permalink)  
Old September 22nd, 2006, 04:56 PM
Authorized User
 
Join Date: Apr 2005
Location: Spanish Fork, UT, USA.
Posts: 19
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to DudeBori82 Send a message via MSN to DudeBori82
Default

Answer to thenoseknows: The each distributor record contains a password for our site and a password for the third party site, they are different.

So far, the only solution, with a medium-low security risk is to create a form that adds the values (un & pw) to two hidden fields, then does a javascript formName.submit() on the onload event of the body.

This exposes the username and password in the HTML source for the time it takes to get the response from the server for the submit. The risks are that the un & pw can be seen in the HTML for a few seconds (not a huge risk), th elarger risk lies in that the HTML page is saved in the browsers history and if the users machine is ever compromised, it can be found.

It's enough to avoid using that method and looking for a better way, thus the WebRequest and WebResponse objects, which brings me back to my original post: Is there a way to programmably make a request and then pass the response to the users browser?

Troubleshooting life: 1 bug at a time.
  #6 (permalink)  
Old September 28th, 2006, 07:53 AM
Authorized User
 
Join Date: Sep 2006
Location: , , .
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi ,

I get the contacts page as html content by this code.Now..i need only selected content ie only contacts (which r in div/table tag) not a complete page.





private void Button1_Click(object sender, System.EventArgs e)
{

HttpWebRequest webRequest = WebRequest.Create(LOGIN_URL) as HttpWebRequest;
StreamReader responseReader = new StreamReader(webRequest.GetResponse().GetResponseS tream());
string responseData = responseReader.ReadToEnd();
responseReader.Close();
string uid = txtuid.Text.Trim();
string pwd=txtpwd.Text.Trim();
// extract the viewstate value and build out POST data

string postData = String.Format("session_key={0}&session_password={1 }&session_login=Submit",uid, pwd);

// have a cookie container ready to receive the forms auth cookie
CookieContainer cookies = new CookieContainer();

// now post to the login form
webRequest = WebRequest.Create(LOGIN_URL) as HttpWebRequest;
webRequest.Method = "POST";
webRequest.ContentType = "application/x-www-form-urlencoded";
webRequest.CookieContainer = cookies;

// write the form values into the request message
StreamWriter requestWriter = new StreamWriter(webRequest.GetRequestStream());
requestWriter.Write(postData);
requestWriter.Close();


// we don't need the contents of the response, just the cookie it issues
webRequest.GetResponse().Close();

// now we can send out cookie along with a request for the protected page
webRequest = WebRequest.Create(url of contacts page) as HttpWebRequest;
webRequest.CookieContainer = cookies;
responseReader = new StreamReader(webRequest.GetResponse().GetResponseS tream());

// and read the response
responseData = responseReader.ReadToEnd();
responseReader.Close();
Response.Write(responseData);



}


pls suggest me to complete this

Surya




Similar Threads
Thread Thread Starter Forum Replies Last Post
Web Method Returning a complex Custom data type. saisunil1978 .NET Web Services 0 July 15th, 2008 05:38 AM
browser version and JSP-custom tags neetukk JSP Basics 1 December 6th, 2006 03:29 AM
Webresponse contenttype different from request mikehsu317 C# 6 September 27th, 2006 10:42 AM
Custom Browser Purpose C# 0 August 14th, 2006 05:41 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.