Pass credentials from Win app to Web app

E

Eric

I'm using ASP.net Authentication and Authorization (Sql provider against
standard aspnetdb) in my VB.net Windows App to handle users, roles, etc.
This works great.

Within my win app, using the .net web browser control, I want to launch a
url (in our intranet, ASP.Net hosted in IIS6, Win Srv 2003 R2), but I don't
want the user to have to go through the forms login process again, since
they've already been authenticated by my win app.

Is their a way to pass the user's credentials from the win app to the web
app? Perhaps in some sort of encrypted query string? Is their a method
similar to using windows security with web services, such as:


myProxy.Credentials = System.Net.CredentialCache.DefaultCredentials ?

Thanks!
 
J

Joe Kaplan

Are you wanting to authenticate the user in the web app against SQL as well?
If so, you might consider using HttpWebRequest to "screen scrape" the login
process to your web app and get a login cookie for the user. Then, try to
find a way to pass that cookie to IE so that it will be provided to the
server by the browser control. That will make it look to the web app on the
server as if the user has already logged in.

I'm not sure if there is a way to pass cookies to use into the browser
control or not, but hopefully there is.

If not, you might need to create some sort of custom login mechanism via a
query string that performs the login and do some of the heavy lifting
yourself to implement the credentials collection and login process in an
HttpModule or Global.asax event handler instead of the normal login form
page.

Joe K.
 
S

susan phan

Hi Joe,

Do you have an example of how to pass user name and password using HTTPWebRequest including the submit button? What I am trying to accomplish is that I have a windows app and wanted to launch a secured web app (forms authentication) without having the user providing login info.

Thanks
Susan
 
J

Joe Kaplan

There is no standard way to do this with forms authentication as forms
authentication is not a "standard" per say. Typically, the browser sends
some credentials to the server via a form POST and the server issues the
client a cookie which must be used on successive requests.

What you should do is examine the actual HTTP traffic during a login to the
web server using a tool like Fiddler and then recreate that programmatically
with HTTP web request. This process is what's called "screen scraping".

Joe K.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top