Re: What is the best way to login my website from another website?



I've also used a solution for public domain "single sign on" scenarios where
we've delivered a "public key" to the customer to encrypt a user name and
password pair into a 64-bit hashed string and pass it back in the URL where
we would then unencrypt it and use the credentials to authenticate the
user and auto-generate their forms authentication ticket. It's a bit
elaborate but it works.

I like the web service and temporary GUID solution as well. That's one I've
never thought of before but seems rock solid if there's minimal trust
between the 2 environments for integration purposes.

"Patrice" <http://www.chez.com/scribe/> wrote in message
news:OLhTVMyvHHA.5036@xxxxxxxxxxxxxxxxxxxxxxx
IMO *they* should redirect to your site based upon the web service result
(if credentials are not valid, they'll need to display the page
again). They'll likely then pass a guid associated with the user you
returned to them so that you know which user it is. Make sure this is a
temporary guid so that it is not usable for ages if stolen (changed at
least each time a new login request is issued).

Or else Chad's solution, which would be what you would do for your in-house
servers (though I would likely prefer to be "explicit" about such a link
with the external world).

Oh BTW, you may want to explain the overall goal as I'm not sure I have
caught the details (basically if all they do is hosting the login page you
could perhaps have a customized login page for them on your own web
site?). They are not using those credentials at all at their site?

--
Patrice

"rockdale" <rockdale.green@xxxxxxxxx> wrote in message news:
1183652148.109327.75780@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
So what you mean is I write a web service to accept the user id and
pwd that they passed and do authorization. But how can I redirect them
to my member's home page after I validate user id and pwd?

Thanks for your help

On Jul 5, 12:08 pm, "Patrice" <http://www.chez.com/scribe/> wrote:
AFAIK ASP.NET checks posted data to make sure that they are coming from a
page that was served by the same server.

I would just post to the same page and would transmit data behind the
scenes using a web service...

"rockdale" <rockdale.gr...@xxxxxxxxx> wrote in message news:
1183650687.509733.262...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



Hi, all:

I have a website with its own login page. Now one of my clients wants
their employees to log into my website from their website. They want to
have their login page (look and feel are different and hosted on
another web server) and then send the user id and pwd to my login
page. What is the best way to do this?

Passing the user id and pwd on the URL is not a solution since everybody
will see the user's credentials.

We are trying to build their login page like following:

<form action="https://mywebsite/Login.aspx" id="form1" name="form1"
method="post" style="padding:0; margin:0;">
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET"
value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT"
value="" />
<input name="txtUserID" type="text" size="18" />
<input name="txtPWD" type="password" size="18" />
<input name="Submit" type="submit" style="font-size: 10px;"
value="Login" />
</form>

But we got the error
Invalid postback or callback argument. Event validation is enabled
using <pages enableEventValidation="true"/> in configuration or <%@
Page EnableEventValidation="true" %> in a page.

I do not think disabling event validation is a good idea.

Is there any other better approach?

Thanks a lot.
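
The web service plus temporary GUID handoff discussed in this thread, sketched in C# as an added example (not code from any poster). `LoginTokenStore`, its method names and the 60-second lifetime are assumptions; the token comes from a CSPRNG rather than `Guid.NewGuid()`, and the sketch goes slightly beyond the thread by also enforcing single-use redemption.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical token store; names are illustrative, not from the thread.
public sealed class LoginTokenStore
{
    private readonly ConcurrentDictionary<string, Tuple<string, DateTime>> tokens =
        new ConcurrentDictionary<string, Tuple<string, DateTime>>();
    private readonly TimeSpan lifetime;
    public LoginTokenStore(TimeSpan lifetime) { this.lifetime = lifetime; }

    // Web service side: call only after the submitted credentials were validated.
    public string Issue(string userId, DateTime nowUtc)
    {
        // A new login request replaces any token still outstanding for this user.
        Tuple<string, DateTime> old;
        foreach (var kv in tokens)
            if (kv.Value.Item1 == userId) tokens.TryRemove(kv.Key, out old);
        var raw = new byte[16]; // 128 bits, GUID-sized, but filled from a CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = BitConverter.ToString(raw).Replace("-", "");
        tokens[token] = Tuple.Create(userId, nowUtc + lifetime);
        return token;
    }

    // Landing page side: returns the user id, or null if unknown, replayed or expired.
    public string Redeem(string token, DateTime nowUtc)
    {
        Tuple<string, DateTime> entry;
        if (token == null || !tokens.TryRemove(token, out entry)) return null;
        return entry.Item2 > nowUtc ? entry.Item1 : null;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new LoginTokenStore(TimeSpan.FromSeconds(60));
        var t0 = new DateTime(2007, 7, 5, 16, 0, 0, DateTimeKind.Utc); // constructed clock
        string a = store.Issue("alice", t0);
        Console.WriteLine("first use:  " + (store.Redeem(a, t0.AddSeconds(5)) ?? "rejected"));
        Console.WriteLine("replay:     " + (store.Redeem(a, t0.AddSeconds(6)) ?? "rejected"));
        string b = store.Issue("alice", t0);
        Console.WriteLine("expired:    " + (store.Redeem(b, t0.AddSeconds(61)) ?? "rejected"));
        string c = store.Issue("alice", t0), d = store.Issue("alice", t0);
        Console.WriteLine("superseded: " + (store.Redeem(c, t0) ?? "rejected"));
        Console.WriteLine("current:    " + (store.Redeem(d, t0) ?? "rejected"));
    }
}
```

The landing page would call `Redeem` with the token from the redirect and, only on a non-null result, issue the forms authentication ticket for that user.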