Hi,
I am sorry if this question is posted somewhere else also, I didn't find it.
I am trying to pass some values in URL(encrypted) from one website to another.
(kind of a custom SSO, but not complete). When I encrypt my URL and controls is shifted from site1 to site2. It gives a "OBJECT MOVED TO HERE" where here is a hyperlink.
Site1 (
http://localhost/Login_Website) code
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;
using System.Data;
using System.Data.SqlClient;
namespace loginControl_test
{
public partial class _Default : System.Web.UI.Page
{
String targetSiteSsoUrl = "http://localhost/Login_Website2/Default.aspx";
String SECRET_KEY = "HappyCoding";
protected void Page_Load(object sender, EventArgs e)
{
string destinationUrl = Request.QueryString["destinationUrl"];
string UserName = User.Identity.Name;
string destination = targetSiteSsoUrl + "?uname=" + HttpUtility.HtmlEncode(UserName) + "&destinationUrl=" + HttpUtility.HtmlEncode(destinationUrl);
string message = UserName + "|" + destinationUrl;
string hash = getHash(message);
destination += "&hash=" + hash;
Response.Redirect(destination);
}
protected string getHash(string message)
{
HMACSHA1 sha1 = new HMACSHA1(Encoding.Default.GetBytes(SECRET_KEY));
string hash = BitConverter.ToString(sha1.ComputeHash(Encoding.Default.GetBytes(message))).Replace("-", "");
return hash;
}
}
}
Site2 ((
http://localhost/Login_Website2) code
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;
namespace loginControl_test2
{
public partial class _Default : System.Web.UI.Page
{
public string destination = "";
public string hash;
private string userName;
public string Verified;
public string DerivedHash;
protected void Page_Load(object sender, EventArgs e)
{
getParameters();
Label1.Text = userName;
if (verifyParameters())
{
Verified = "Hash Verified";
FormsAuthentication.SetAuthCookie(userName, true);
Response.Redirect(destination);
}
else
{
Verified = "Hash Failed";
}
}
protected void getParameters()
{
if (Request.Params.Get("destinationUrl") != null)
{
destination = HttpUtility.HtmlDecode(Request.Params.Get("destinationUrl"));
}
else
{
destination = "/";
}
if (Request.Params.Get("uname") != null)
{
userName = HttpUtility.HtmlDecode(Request.Params.Get("uname"));
Label1.Text = userName;
}
if (Request.Params.Get("hash") != null)
{
hash = HttpUtility.HtmlDecode(Request.Params.Get("hash"));
}
}
public bool verifyParameters()
{
string message = userName + "|" + destination;
string CalculatedHash = getHash(message);
DerivedHash = getHash(message);
return CalculatedHash.Equals(hash);
}
protected string getHash(string message)
{
string SECRET_KEY = "HappyCoding";
HMACSHA1 sha1 = new HMACSHA1(Encoding.Default.GetBytes(SECRET_KEY));
string CalcultedHash = BitConverter.ToString(sha1.ComputeHash(Encoding.Default.GetBytes(message))).Replace("-", "");
return CalcultedHash;
}
}
}
and this is what my URL looks like when it reaches site2
http://localhost/Login_Website2/Abou...B6C90DD933B5C7
(If you look closely there isn't any value for uname, maybe thats the problem. I am confused).
Any help will be appreciated!
Trying a fetch values from encrypted URL
