Re: What is the best way to login my website from another website?
- From: "Patrice" <http://www.chez.com/scribe/>
- Date: Thu, 5 Jul 2007 18:39:37 +0200
IMO *they* should redirect to your site based upon the web service result
(if credentials are not valid, they'll need to display the page
again).They'll likely then pass a guid associated with the user you returned
to them so that you know which user it is. Make sure this is a temporary
guid so that it is not usable for ages if stolen (changed at least each time
a new login request is issued).
Or else Chad solution that would be what you would do for your inhouse
servers (though I would likely prefer to be "explicit" about such a link
with external world).
Oh BTW, you may want to explain the overall goal as I'm not sure to have
caught the details (basically if all they do is hosting the login page you
could perhaps have a customized login page for them on your own web site ?).
They are not using those credentials at all at their site ?
--
Patrice
"rockdale" <rockdale.green@xxxxxxxxx> a écrit dans le message de news:
1183652148.109327.75780@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
So what you mean is I write a web service to accept the user id and
pwd that they passed and do authorization, But how can I redirect them
to my member's home page after I validate user id and pwd?
Thanks for your help
On Jul 5, 12:08 pm, "Patrice" <http://www.chez.com/scribe/> wrote:
AFAIK ASP.NET checks posted data to make sure that they are coming from a
page that was served by the same server.
I would just post to the same page and would transmit data behind the
scene
using a web service...
"rockdale" <rockdale.gr...@xxxxxxxxx> a écrit dans le message de news:
1183650687.509733.262...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi, all:
I have a website with its own login page. Now one of my clients want
their employees log into my website from their website. They want to
have their login page (look and feel are different and hosted on
another web server) and then send the user id and pwd to my login
page. What is the best to do this?
Pass the user id and pwd on the url is not a solution since everybody
will see the user's credential.
We are trying to build their login page like following:
<form action="https://mywebsite/Login.aspx"; id="form1" name="form1"
method="post" action="" style="padding:0; margin:0;">
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET"
value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT"
value="" />
<input name="txtUserID" type="text" size="18" />
<input name="txtPWD" type="password" size="18" />
<input name="Submit" type="submit" style="font-size: 10px;"
value="Login" />
</form>
But we got the error
Invalid postback or callback argument. Event validation is enabled
using <pages enableEventValidation="true"/> in configuration or <%@
Page EnableEventValidation="true" %> in a page.
I do not think Disable Event validation is a good idea.
Is there any other better approach?
Thanks a lot.- Hide quoted text -
- Show quoted text -
.
- Follow-Ups:
- Re: What is the best way to login my website from another website?
- From: Chad Scharf
- Re: What is the best way to login my website from another website?
- References:
- Prev by Date: Howto provide form data to a BLL/DAL?
- Next by Date: Re: What is the best way to login my website from another website?
- Previous by thread: Re: What is the best way to login my website from another website?
- Next by thread: Re: What is the best way to login my website from another website?
- Index(es):
Relevant Pages
|
