Re: What is the best way to login my website from another website?

If your customer's site is a trusted site and the only one served by your
application you could give them a generated <machineKey /> tag for thier
site's web config to match your site's web.config. That would spoof your app
into passing the post from thier login page as if it had come from the same
server.

This is assuming of course that thier web site is an ASP.NET web site or at
least an IIS hosted web site that can be configured using the .NET framework
and a web.config file.

"Patrice" <http://www.chez.com/scribe/> wrote in message
news:eu4i76xvHHA.4612@xxxxxxxxxxxxxxxxxxxxxxx
AFAIK ASP.NET checks posted data to make sure that they are coming from a
page that was served by the same server.

I would just post to the same page and would transmit data behind the
scene using a web service...



"rockdale" <rockdale.green@xxxxxxxxx> a écrit dans le message de news:
1183650687.509733.262840@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi, all:

I have a website with its own login page. Now one of my clients want
their employees log into my website from their website. They want to
have their login page (look and feel are different and hosted on
another web server) and then send the user id and pwd to my login
page. What is the best to do this?

Pass the user id and pwd on the url is not a solution since everybody
will see the user's credential.

We are trying to build their login page like following:

<form action="https://mywebsite/Login.aspx"; id="form1" name="form1"
method="post" action="" style="padding:0; margin:0;">
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET"
value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT"
value="" />
<input name="txtUserID" type="text" size="18" />
<input name="txtPWD" type="password" size="18" />
<input name="Submit" type="submit" style="font-size: 10px;"
value="Login" />
</form>

But we got the error
Invalid postback or callback argument. Event validation is enabled
using <pages enableEventValidation="true"/> in configuration or <%@
Page EnableEventValidation="true" %> in a page.

I do not think Disable Event validation is a good idea.

Is there any other better approach?

Thanks a lot.





.

Relevant Pages

  • Inet & Sessions
    ... I am writing an app that signs into a web site and then scrapes some ... I am able to login into the website no problem ... However, when I then try to open another webpage via Inet.OpenURL, the ...
    (microsoft.public.vb.controls)
  • MySpace Data Phished and Leaked
    ... MySpace user login and password data has recently been ... exposed and posted online. ... researchers looking into the phishing techniques ... were quickly updated to warn users visiting the Web site. ...
    (comp.security.misc)
  • RE: Back Button
    ... The web site contains 3 frames,. ... the top frame has a link to another external site, ... external site, but if the user decide later to go back to my web site, he always got redirected to the login page ... If I click the Back button, the code does not get executed on the server side, since, I cannot catch it neither ...
    (microsoft.public.vsnet.general)
  • Re: Email "portal" in Python?
    ... > aggregator, weather forecast, comics, etc. ... > web site, think of all of it being sent daily as an email. ... I've nearly completed a 'login module' for use with Python CGIs. ...
    (comp.lang.python)
  • Thumbnail security problem?
    ... Is there a known problem with Explorer Thumbnail viewer in regards to ... Login into a web site that uses BASIC AUTHENTICATION where the browser ...
    (microsoft.public.security)