How to implement a automatic login function

[Victor]

hi guys.
In my project, now I am using a asp.net login control and a customized
membership provider to do the form authentication. Now I want some function
that user can skip the login form and be authenticated and login the system
automatically base on the username and password already in the session. Is
that possible to do ? and how to do it?

Cheers
Victor

 

[Ben Rush]

You should be able to use the authentication API from the
FormsAuthentication class to add/revoke a cookie for sign in status easily.
Have a look at this for example:
http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthentication.setauthcookie.aspx

 

[Steven Cheng[MSFT]]

Hi Victor,

From your description, you want to add a code function that can help
automatically make a user loggedIn without interactive operation through
the login page, correct?

As Ben has suggested, ASP.NET forms authentication provide API for us to
programmatically do the authentication, and make a user turn from
unauthenticated to authenticated status. For example, the following two
methods can help make the current user loggedIn(by passing a username and
boolean parameter)

#FormsAuthentication.RedirectFromLoginPage Method
http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthentica
tion.redirectfromloginpage.aspx

#FormsAuthentication.SetAuthCookie Method
http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthentica
tion.setauthcookie.aspx

BTW, I'm still wondering your exactly code logic and scenario in the
application, as you said that the username/password is in the session,
then, how will you store username/password in session? password should
never be persisted in memory after login/authentication.

Anyway, if you have anything unclear or anything we missed, please feel
free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Cowboy \(Gregory A. Beamer\)]

I am not sure I understand you.

Do you mean:

1. User signed in once and has come back to the site? If so, set the
persistence flag to true and the cookie will live on across all sessions.
2. User has signed in and is now surfing other pages? If so, you need to do
nothing, as the user will be signed in.
3. User has signed into another site in your domain and you wish to allow
him to hit all sites? If so, set the machines keys to the same value on all
of your sites and call the cookie, explicitly, by the same name - all in
config file. NOTE: You will not be able to switch stored session values from
site to site.
4. You want certain users to be able to fake the login and be authenticated
with another account? This can be done with the API, but how are you going
to identify those users? Think this through carefully, as it is quite easy
for a hacker to figure out he can use your site with querystrings, if that
is your method of bypassing security. If you do not like the API, you can
create MembershipUser objects and attach to an ongoing session. That will
log them in, this time.

 

[Steven Cheng[MSFT]]

Hi Victor,

Have you got any progress or idea on this issue or does the suggesetion in
our previous message help some? If you have any further question on this,
please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[RobGMiller]

Hi Victor,

Have you got any progress or idea on this issue or does the suggesetion in
our previous message help some? If you have any further question on this,
please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

I'm not sure if my issue is the same as Victor's but i need to send
the username and password via a post to the site's initial page so
that the user can be authenticated as if he had used a login control
but skip the login process altogether.

Ideally all this can be done so that the username and password is not
sent in clear text. However we are willing to use SSL if necessary.

How can a post request be fed to whatever class the login control
feeds programmatially to obtain the same authenticated result?

Thanks,

 

[Steven Cheng[MSFT]]

Hi Rob,

Thanks for your input.

I think what you want to do is a bit different. What you want to do is like
a web client which programmatically send http post request to send login
credentials and pass the login page at server-side, just like many web
crawler does, correct?

For programmatically post http form data (through webrequest component in
..net), here are some useful web links:

#ASP.NET: Post Data Programmatically with "Webscraping"
http://www.developer.com/net/asp/article.php/3645506

#Programmatically Posting Data to ASP .NET Web Applications
http://dndj.sys-con.com/read/45127.htm

#Https form post using Httpwebrequest brings back the same page.
http://www.thescripts.com/forum/thread591965.html

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[RobGMiller]

Hi Rob,

Thanks for your input.

I think what you want to do is a bit different. What you want to do is like
a web client which programmatically send http post request to send login
credentials and pass the login page at server-side, just like many web
crawler does, correct?

For programmatically post http form data (through webrequest component in
.net), here are some useful web links:

#ASP.NET: Post Data Programmatically with "Webscraping"http://www.developer.com/net/asp/article.php/3645506

#Programmatically Posting Data to ASP .NET Web Applicationshttp://dndj.sys-con.com/read/45127.htm

#Https form post using Httpwebrequest brings back the same page.http://www.thescripts.com/forum/thread591965.html

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for the reply Steven,

Unfortunately, this is not what I am after.

I am simply trying to simulate a normal login. At the moment the site
uses the login control connected to the Membership class. Under a
normal login the CurrentUser is associated with the current session
and can be picked up on any page by Membership.GetUser(). As per your
suggestion earlier in this thread I've been able to pass in the
username and password via a post and authenticate using the
following.

If Membership.ValidateUser(UserName, Password) Then
FormsAuthentication.RedirectFromLoginPage(UserName, True)

At least I think it authenticates because no error is returned but I
can't really know for sure because I can pickup up the current user
name in the normal way as follows:

Dim CurrentUser As MembershipUser = Membership.GetUser()
Message.Text = "Login Successfull. User = " & CurrentUser.UserName

In this case Membership.GetUser() returns a null.

Regards,

RobGMiller

 

[Steven Cheng[MSFT]]

Hi Victor,

Have you got any further idea on this issue? If there is anything else we
can help, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

I've to programmatically login to a third party web app (Tomcat/apache) and
take the user to a landing page. I am able to programatically login
succesfullly but I am not able to redirect the browser to the landing page.
If I look at the logs on Tomcat side, I see the cookies are getting lost
somewhere even though I pass the cookies between successive requests. I would
appreciate any comments or suggestion rgeading how to take the user
successfully to the landing page.

string url = "http://10.112.60.86:8080/PCC/servlet/tpservlet";
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);


CookieContainer CookieC = new CookieContainer();



string data =
String.Format("USERID={0}&transactiontype={2}&FIID={3}&AUTHENTICATIONURL={4}&TARGET={5}",
"DDBDB3099C5C04D36B91C0EA786C0996", "729E13B7AFB57796A30",
"UserInqAuthActionBean", "1111",
"http://atl50test2/CLKPCB/111111118/Site/TransfersPayments/opserror.asp",
"BillPay.viewPayees");
byte[] buffer = Encoding.UTF8.GetBytes(data);
req.AllowAutoRedirect = false;
req.KeepAlive = true;
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
req.ContentLength = buffer.Length;
req.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
..NET CLR 1.1.4322; .NET CLR 2.0.50727)";


req.CookieContainer = CookieC;

Stream reqst = req.GetRequestStream(); // add form data to request
stream
reqst.Write(buffer, 0, buffer.Length);
reqst.Flush();
reqst.Close();

HttpWebResponse res = (HttpWebResponse)req.GetResponse();


string landingpage= res.Headers["Location"];
CookieC.Add(res.Cookies);


foreach (Cookie cook in CookieC.GetCookies(req.RequestUri))
{
HttpCookie cookie = new HttpCookie(cook.Name);
cookie.Name = cook.Name;
cookie.Value = cook.Value;
cookie.Domain = cook.Domain;
cookie.Expires = cook.Expires;
cookie.Path = cook.Path;
cookie.Secure = cook.Secure;

String str = String.Format("Name {0}: Value {1}: Domain
{2}<BR>", cookie.Name, cookie.Value, cookie.Domain);


HttpContext.Current.Response.AppendCookie(cookie);

}
//This statement fails
HttpContext.Current.Response.Redirect(landingpage);



I have to do the similar thing like automatically login to a third pary web

 

[Guest]

I am reposting my previous post with some correction:

I've to programmatically login to a third party web app (Tomcat/apache) and
take the user to a landing page. I am able to programatically login
succesfullly but it takes me to the landing page but the third part app says
my request is not authenticated. If I look at the logs on Tomcat side, I see
the cookies are getting lost somewhere even though I pass the cookies
between successive requests. I would appreciate any comments or suggestion
regarading how to take the user successfully to the landing page.

string url = "http://10.112.60.86:8080/PCC/servlet/tpservlet";
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);


CookieContainer CookieC = new CookieContainer();



string data =
String.Format("USERID={0}&transactiontype={2}&FIID={3}&AUTHENTICATIONURL={4}&TARGET={5}",
"DDBDB3099C5C04D36B91C0EA786C0996", "729E13B7AFB57796A30",
"UserInqAuthActionBean", "1111",
"http://atl50test2/CLKPCB/111111118/Site/TransfersPayments/opserror.asp",
"BillPay.viewPayees");
byte[] buffer = Encoding.UTF8.GetBytes(data);
req.AllowAutoRedirect = false;
req.KeepAlive = true;
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
req.ContentLength = buffer.Length;
req.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
..NET CLR 1.1.4322; .NET CLR 2.0.50727)";


req.CookieContainer = CookieC;

Stream reqst = req.GetRequestStream(); // add form data to request
stream
reqst.Write(buffer, 0, buffer.Length);
reqst.Flush();
reqst.Close();

HttpWebResponse res = (HttpWebResponse)req.GetResponse();


string landingpage= res.Headers["Location"];
CookieC.Add(res.Cookies);


foreach (Cookie cook in CookieC.GetCookies(req.RequestUri))
{
HttpCookie cookie = new HttpCookie(cook.Name);
cookie.Name = cook.Name;
cookie.Value = cook.Value;
cookie.Domain = cook.Domain;
cookie.Expires = cook.Expires;
cookie.Path = cook.Path;
cookie.Secure = cook.Secure;

String str = String.Format("Name {0}: Value {1}: Domain
{2}<BR>", cookie.Name, cookie.Value, cookie.Domain);


HttpContext.Current.Response.AppendCookie(cookie);

}
//This statement redirects to third party web server but it thinks that user
is not authenticate
Response.Redirect(landingpage);

I've to programmatically login to a third party web app (Tomcat/apache) and
take the user to a landing page. I am able to programatically login
succesfullly but I am not able to redirect the browser to the landing page.
If I look at the logs on Tomcat side, I see the cookies are getting lost
somewhere even though I pass the cookies between successive requests. I would
appreciate any comments or suggestion rgeading how to take the user
successfully to the landing page.

string url = "http://10.112.60.86:8080/PCC/servlet/tpservlet";
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);


CookieContainer CookieC = new CookieContainer();



string data =
String.Format("USERID={0}&transactiontype={2}&FIID={3}&AUTHENTICATIONURL={4}&TARGET={5}",
"DDBDB3099C5C04D36B91C0EA786C0996", "729E13B7AFB57796A30",
"UserInqAuthActionBean", "1111",
"http://atl50test2/CLKPCB/111111118/Site/TransfersPayments/opserror.asp",
"BillPay.viewPayees");
byte[] buffer = Encoding.UTF8.GetBytes(data);
req.AllowAutoRedirect = false;
req.KeepAlive = true;
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
req.ContentLength = buffer.Length;
req.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
.NET CLR 1.1.4322; .NET CLR 2.0.50727)";


req.CookieContainer = CookieC;

Stream reqst = req.GetRequestStream(); // add form data to request
stream
reqst.Write(buffer, 0, buffer.Length);
reqst.Flush();
reqst.Close();

HttpWebResponse res = (HttpWebResponse)req.GetResponse();


string landingpage= res.Headers["Location"];
CookieC.Add(res.Cookies);


foreach (Cookie cook in CookieC.GetCookies(req.RequestUri))
{
HttpCookie cookie = new HttpCookie(cook.Name);
cookie.Name = cook.Name;
cookie.Value = cook.Value;
cookie.Domain = cook.Domain;
cookie.Expires = cook.Expires;
cookie.Path = cook.Path;
cookie.Secure = cook.Secure;

String str = String.Format("Name {0}: Value {1}: Domain
{2}<BR>", cookie.Name, cookie.Value, cookie.Domain);


HttpContext.Current.Response.AppendCookie(cookie);

}
//This statement fails
HttpContext.Current.Response.Redirect(landingpage);



I have to do the similar thing like automatically login to a third pary web

Hi Victor,

Have you got any further idea on this issue? If there is anything else we
can help, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.