Wrox Programmer Forums

Classic ASP Professional For advanced coder questions in ASP 3. NOT for ASP.NET 1.0, 1.1, or 2.0.
Passing login through link??

#1, December 18th, 2003, 04:37 PM

I know this question is absolutely crazy, but before I say "NO, YOU CAN'T DO THIS" to the client I would like to know whether there is a way (or no way) to solve this.

I have a demo page of a members-only portal. My client wants to show a page that is accessible only to members. Is there a safe way to pass login information through this link? Maybe like a session login...?

Say if I have a trial account set up, can I pass login info through this link?

But maybe this just puts a big security hole in my portal...?

#2, December 18th, 2003, 04:56 PM, planoie

You can most certainly do this, and in reality it's no bigger a security hole than any other form of login on a site. You can use the same precautions to protect the user with either method.

All you need to do is provide the ability to put the login credentials (username, password) in the querystring of the link.

http://www.mywebsite.com/login.asp?u...sword=Password

Simple as that. If you want to protect it, you could force the link to be HTTPS so the request is encrypted.

Peter
------------------------------------------------------
Work smarter, not harder.

#3, December 18th, 2003, 05:26 PM

That is actually something that I tried. Since it did not work I thought it is something I just can't do through a URL.
This is what happens:
I enter:
http://www.mywebsite.com/login.asp?u...sword=Password
and it kicks me into the login page with an encoded URL.

Why?

Maria

#4, December 18th, 2003, 05:29 PM

http://www.mywebsite.com/login.asp?r...ord%3DPassword

#5, December 18th, 2003, 06:10 PM, planoie

Well, if your system is set up in such a way that you have to log in to access ANYTHING on the site, then you are out of luck. But you should at least be able to access the login page (not much sense in securing that).

I just used that URL as an example to show that whatever your public login page is, you could simply add in the functionality that checks for values on the URL for "automatic" login.

Peter
------------------------------------------------------
Work smarter, not harder.
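
An added example, not code from the thread or from the site it discusses: one way to build the "automatic" login check described in the posts above so that the link works only for the trial account, carries a signed expiry (HMAC-SHA256) in place of the password, and is accepted only over HTTPS. It is written in Python to show the logic; the parameter names `acct`, `exp` and `sig`, the account name `trial` and the key are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions (not from the thread): parameter names, account name, key.
DEMO_ACCOUNTS = {"trial"}            # only these may log in through a link
SECRET = b"constructed-demo-key"     # constructed; load from server config


def _sign(account: str, expires: int, secret: bytes) -> str:
    msg = f"{account}|{expires}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_demo_link(login_url: str, account: str, ttl: int,
                   now: int, secret: bytes = SECRET) -> str:
    """Build the link given to the client: account, expiry and MAC, no password."""
    expires = now + ttl
    query = urlencode({"acct": account, "exp": expires,
                       "sig": _sign(account, expires, secret)})
    return f"{login_url}?{query}"


def check_demo_link(url: str, now: int, secret: bytes = SECRET):
    """Return the account to start a session for, or None to show the login form."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        account = params["acct"][0]
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return None                      # no or malformed auto-login values
    if parts.scheme != "https":
        return None                      # the thread's precaution: HTTPS only
    if account not in DEMO_ACCOUNTS or now > expires:
        return None                      # member accounts never log in this way
    expected = _sign(account, expires, secret)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                      # account or expiry was altered
    return account


if __name__ == "__main__":
    link = make_demo_link("https://www.mywebsite.com/login.asp", "trial",
                          ttl=3600, now=int(time.time()))
    print(link, "->", check_demo_link(link, now=int(time.time())))
```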

#6, December 18th, 2003, 06:20 PM
I tested 2 URLs with 2 identities. One is my own that has a cookie on my system, and one that is completely new.

I completely logged out and used my own login info in the URL and that logged me in right away through the URL.
When I used the new login that has not been used in the login page yet (thus no cookie) I got an encoded URL and was thrown to the login page.

So, does this mean that unless the person has already gone through the login page and got a cookie for that login, they won't be able to log in through the URL??

#7, December 18th, 2003, 06:25 PM, planoie

This is getting a tad confusing. Is this site you are trying to "auto login" to one that you have control over? I'm beginning to think that this is not the case.

Peter
------------------------------------------------------
Work smarter, not harder.

#8, December 19th, 2003, 11:27 AM, planoie

The original question posed in this thread was "Can I perform a login thru a link?"
The answer is yes, you can.

Are you unclear about what you actually need to do to make the login work? It sounds like your system is also looking at some cookie values for critical information concerning login. Can you explain what process you go thru when you log in from the login form?

Peter
------------------------------------------------------
Work smarter, not harder.
All times are GMT -4.