passing password in in querystring

jaya929 · May 26th, 2008, 05:04 AM

Hi Experts,
In my application..assume a user entered in to our site by providing credentials.
After that if he want to redirect to forum page of our site...he shold click on Forum Link Button.Then HE will be redirected to Forum page.In that page i need to display the user name..like "welcome XYZ".(Note that in forum also user should authenticated)

So i am sending username and password(i am sending password in encoding format i.e.,irl encode) through querystring.
But in forum some problem is coming while decoding the password(url decode) and authenticating it.So it is not showing the username.instead it is showing "welcome Guest"...

So how can i decode the password...or is there any other way to do this..its vvv Urgent...

Thanx in Adv.

Imar · May 26th, 2008, 05:41 AM

If with "in encoding format" you mean hashed (as you are referring to in the subject), then you can forget about it. Hashing is a one way algorithm, so there's no way to convert it back.

Cheers,

Imar

---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of Beginning ASP.NET 3.5 : in C# and VB, ASP.NET 2.0 Instant Results and Dreamweaver MX 2004
Want to be my colleague? Then check out this post.

jaya929 · May 26th, 2008, 06:15 AM

Thanks For Answer.
Again i am explaining my problem.

i have a password.i am encrypting that one and and sending this one through query string(url encode).

in Forum page i am urldecoding the password and decrypting this one.so i am getting password's original format.
i am comparing this one with database password.if it is matched the username will be displayed in Forum page.

This is the scenario.But when decrypting,some change is occuring and i am not getting original password.so i am unable to display username in forum page.

So how can i do this?Is there any other way to do this.(except using cookies)

Thanx in Adv.

planoie · May 26th, 2008, 06:46 AM

Why are you passing anything on the query string? The typical scenario for doing a login is to handle the login procedure on the page that the user entered their login information. The process would normally be triggered by a button click handler and process directly on that page instead of passing off the information to another page.

-Peter
compiledthoughts.com

jaya929 · May 27th, 2008, 05:36 AM

Mr.Planoie,
U did not catch my point.I need to verify the credentials in Homepage as well as in Forum page of my application.
So...if any user logged in to the application,he need not to login again in Forumpage.So that i am sending username and password through URL as querystrings.

If i use cookies there is some problem..so i need to achieve this through Querystrings only.How can I?(Note:In my application,Forum was developed seperately.So unable to use Session also)
Plz Help me...

Thanx.

planoie · May 27th, 2008, 07:47 AM

It was not clear from your original posts that you were dealing with 2 separate applications.

What are you using for password/username encryption? Can you post the code you are using?

Generally, you don't need to UrlDecode values that come across on the querystring.

-Peter
compiledthoughts.com