Automatic login from one website to another - how

D

David Smithz

Hi there,

I want to have my own website, from which I can automatically log into to
other websites. Is this possible and if so where does one start.

I know some applications do it. They take control of a webbrowser and
automatically log in to other websites. But I want to be able to visit my
own website where it then goes and logs in to certain other websites for me.

Is this possible and does anyone have any idea how this could be achieved?

If there is another newsgroup I should be asking this question then please
let me know.

Thanks in advance for any input on this matter.

Dave
 
A

Adrienne Boswell

Hi there,

I want to have my own website, from which I can automatically log into
to other websites. Is this possible and if so where does one start.

I know some applications do it. They take control of a webbrowser and
automatically log in to other websites. But I want to be able to visit
my own website where it then goes and logs in to certain other
websites for me.

Is this possible and does anyone have any idea how this could be
achieved?

If there is another newsgroup I should be asking this question then
please let me know.

Thanks in advance for any input on this matter.

Dave

It depends on the page you are trying to log into. Do you know the
parameters of what the receiving page are? Is it looking for POST or
GET? Does it encrypt the information? Is it on a secure server?
 
D

David Smithz

Adrienne Boswell said:
It depends on the page you are trying to log into. Do you know the
parameters of what the receiving page are? Is it looking for POST or
GET? Does it encrypt the information? Is it on a secure server?
Well you see I was wanting to not make it depend on that. I need a generic
approach that will work on any website is thrown at it. I want this to work
by the equivalent of controlling the webbrower.

So the system does not work by submitting the correct parameters as a POST
of whatever. The system works by taking control of the webpage in say a HTML
frame, and actually then filling out the webform as if the user was typing
it in. In theory if this could work, there would be no need to worry about
the method of logging.

For example, the Bank Egg, has a feature called Money Manager. When you log
in to Egg, it goes away and logs into all your other bank accounts for you
to give you all your balances. This uses a feature where it controls the web
browser to replicate typing in your username, password etc.

However, before Egg can work it does install something onto your PC.

Now I was wondering if this was possible, but without the need for a locally
stored application. Therefore I could visit a website, and it can log into
some predetermined websites for me, either through browser scripting and
therefore opening into a new frame, or if this causes problems, perhaps
through some server functionality that simulates the user login in.

Possible? Any ideas of thoughts?

Thanks.
 
D

David Dorward

David said:
So the system does not work by submitting the correct parameters as a POST
of whatever. The system works by taking control of the webpage in say a
HTML frame, and actually then filling out the webform as if the user was
typing it in.

Not possible. Cross domain scripting security prevents it.
For example, the Bank Egg, has a feature called Money Manager. When you
log in to Egg, it goes away and logs into all your other bank accounts for
you to give you all your balances. This uses a feature where it controls
the web browser to replicate typing in your username, password etc.

However, before Egg can work it does install something onto your PC.

Which bypasses cross domain scripting issues by using a custom application
rather than a regular webbrowser.
Now I was wondering if this was possible, but without the need for a
locally stored application.

No.
 
N

Nije Nego

Hi there,

I want to have my own website, from which I can automatically log into to
other websites. Is this possible and if so where does one start.

I know some applications do it. They take control of a webbrowser and
automatically log in to other websites. But I want to be able to visit my
own website where it then goes and logs in to certain other websites for me.

Is this possible and does anyone have any idea how this could be achieved?

If there is another newsgroup I should be asking this question then please
let me know.

Thanks in advance for any input on this matter.

Dave

What's wrong with Bookmarks?
 
D

Daniel R. Tobias

David said:
For example, the Bank Egg, has a feature called Money Manager. When you log
in to Egg, it goes away and logs into all your other bank accounts for you
to give you all your balances. This uses a feature where it controls the web
browser to replicate typing in your username, password etc.

My bank's site has an "aggregator" that shows information from all my
other online accounts, but it does this server-side, rather than
client-side. In other words, there is scripting at the back end, on the
server, that logs in to all those other sites (using passwords I
supplied) and gets my info. This sort of thing can be programmed in a
language such as Perl, which has a module to issue HTTP get and post
requests. The user's browser isn't involved at all, except when the
results of all the back-end activity are displayed.
 
D

David Smithz

Daniel R. Tobias said:
My bank's site has an "aggregator" that shows information from all my
other online accounts, but it does this server-side, rather than
client-side. In other words, there is scripting at the back end, on the
server, that logs in to all those other sites (using passwords I supplied)
and gets my info. This sort of thing can be programmed in a language such
as Perl, which has a module to issue HTTP get and post requests. The
user's browser isn't involved at all, except when the results of all the
back-end activity are displayed.


This is the lines I was thinking of. I was going to answer David Dorwards
email saying about this but this is a good example.

Essentially I was hoping there was some server way of achieving this, where
on a server all the login information is held ( in a secure format lets say)
and then that server handles the login to whatever service. The server acts
like my sitting at the computer entering all the log in details. Then it
relays that information to me on my own webbrower, so it seems that I have
logged into the service automatically.

To give a further detailed example,

I want to log into my hotmail and yahoo accounts at the same time (Ignoring
the option for pop3 access, this isjust an example).

Therefore I visit my webpage which is hosted on the server with all my login
information. Lets call that, mySpecialPage.
mySpecialPage knows I am visiting, so from a DB or whatever, pulls my login
information up and then communicates with the Yahoo and Hotmail webpages to
log me in as if I was login in.

Once logged in, mySpecialPage displays to me the logged in pages of Yahoo
and Hotmail ( most probably in separate frames), so it has logged on for me,
but I still see the results.

So is this possible. I need to know if this is feasible. I welcome any
details comments on this subject particularly if there are any experts in
this area?

Thanks again.
 
D

Dan

David said:
So is this possible. I need to know if this is feasible. I welcome any
details comments on this subject particularly if there are any experts in
this area?

Sure... it's not a very difficult thing to do in Perl, for instance,
using a few commonly-found libraries:

use HTTP::Request::Common;
use HTTP::Cookies;
use LWP::UserAgent;
use HTML::TokeParser;

With these, you can easily make HTTP requests (GET and POST), store and
send back cookies (if a site requires them), parse the resulting HTML
document, and so on.
 
D

David Dorward

David said:
Therefore I visit my webpage which is hosted on the server with all my
login information. Lets call that, mySpecialPage.
mySpecialPage knows I am visiting, so from a DB or whatever, pulls my
login information up and then communicates with the Yahoo and Hotmail
webpages to log me in as if I was login in.

Once logged in, mySpecialPage displays to me the logged in pages of Yahoo
and Hotmail ( most probably in separate frames), so it has logged on for
me, but I still see the results.

You would have to process the markup returned from the systems and rewrite
all the links so they would continue to go through your server instead of
directly to hotmail/yahoo. You would also have to account for any
JavaScript that does HTTP related things / modifies links / etc (and
hotmail and yahoo mail use a /lot/).
 
D

David Smithz

David Dorward said:
You would have to process the markup returned from the systems and rewrite
all the links so they would continue to go through your server instead of
directly to hotmail/yahoo. You would also have to account for any
JavaScript that does HTTP related things / modifies links / etc (and
hotmail and yahoo mail use a /lot/).
Would it not just be possible to redirect all of the output into a frame to
the users browser? In a sense just acting as a relay passing the information
on?

So therefore, on the server when the HTTP response comes back containing all
of the HTML information, is it not just possible to redirect this to the
users webpage (or frame within a webpage)?

Where would be the necessity to rewrite the links? So I can picture can you
give me an example.

Thank you very much.
 
D

David Dorward

David said:
Would it not just be possible to redirect all of the output into a frame to
the users browser? In a sense just acting as a relay passing the information
on?

The authentication information would have been sent from the server to
Hotmail, then Hotmail would have sent the response back to the server.

The server is now logged into Hotmail.

The server can then pass the data to the client. The client isn't
logged into Hotmail, so any attempt to follow the links to Hotmail
would leave Hotmail saying "Go away, you aren't logged in". (and that's
assuming the links are not relative ones in the first place).

The server cannot log the client into Hotmail because it doesn't have
permissions to set cookies that are valid on the hotmail.com domain.
 
A

Andy Dingley

David said:
I want to have my own website, from which I can automatically log into to
other websites. Is this possible and if so where does one start.

Yes, this is possible. Search under the terms "Single Sign On" or
"SSO".

Usual technologies are some forms of LDAP, kerberos, and the like. It's
generally something applied to established intranets, or possibly
extranets, rather than the internet at large.
 
D

David Smithz

David Dorward said:
The authentication information would have been sent from the server to
Hotmail, then Hotmail would have sent the response back to the server.

The server is now logged into Hotmail.

The server can then pass the data to the client. The client isn't
logged into Hotmail, so any attempt to follow the links to Hotmail
would leave Hotmail saying "Go away, you aren't logged in". (and that's
assuming the links are not relative ones in the first place).

The server cannot log the client into Hotmail because it doesn't have
permissions to set cookies that are valid on the hotmail.com domain.


Thanks for that David. Well described. I assume the authentication is always
going to be by some session cookie held on the server to allow
authentication. Is there no way the authentication cookie could just be
handed to the web browser on the users PC?

Just a last stab to make sure there is positively, absolutely no way of
doing this without having to rewrite all the URL's etc.

Also Andy Dingley has described it as being possible using single signon,
but of course he must be assuming that the websites I am talking about are
participating in the scheme, which they are not.

Cheers
 
D

David Smithz

Andy Dingley said:
Yes, this is possible. Search under the terms "Single Sign On" or
"SSO".

Usual technologies are some forms of LDAP, kerberos, and the like. It's
generally something applied to established intranets, or possibly
extranets, rather than the internet at large.

Hi Andy,

thanks for the input but I do not think SSO will work in this case. My
understanding is the SSO will only work with websites that are participating
in the SSO scheme. You could not for example just make a single sign on
scheme work with say, myISPexample.com unless the company myISPexample, had
made it possible?

What I was trying to achieve, was a webpage I visit, that automatically logs
into other websites that have not particularly participated in any single
signon scheme.

any more thoughts?
 
D

David Dorward

David said:
Thanks for that David. Well described. I assume the authentication is
always going to be by some session cookie held on the server to allow
authentication.

Not always, but it is a common approach.
Is there no way the authentication cookie could just be
handed to the web browser on the users PC?

Pretty sure there isn't.
 
D

David Dorward

Sym said:
Hi - If the site is using basic authentication which is not form based
you can put the login and password in the url - e.g.
http://username:[email protected]

The given examples (hotmail and yahoo!mail) don't. And not all browsers
support the URL scheme for usernames and passwords (due to its abuse by
pishers).
 
Joined
Aug 28, 2006
Messages
1
Reaction score
0
I am also trying to achieve the same idea, but until now nothing is working.
Did you guys got to any conclusion about this?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top