Auto-Login From another App

Rate this topic:

Please Register to post a reply.

Another benefit of registration is the ability to subscribe to and recieve notifications of new posts.

Author

Messages

Tigris
Posts:25

08/24/2007 12:37 PM
I am hoping for suggestions on how to best implement the following: On a Windows Application that resides on any number of computers, all different ip addresses, I would like add a button that would re-direct to my DNN portal. If the user has the proper credentials, which is determined by custom profile properties, I would like to 'auto-login' the client.. I think the best way is to send the values that will determine user authentication is to include them as URL parameters. The trick is, how could I best send them securely? I was thinking I would encrypt them but the catch is, the Windows app was written in ASP.NET 1.1 and I am running DNN 4.5.3, so I am unsure if/how I could do the encryption. Any suggestions would be appreciated. Thanks in advance, Frank

John Mitchell
Posts:3249

08/24/2007 1:24 PM
You can Encrypt it in a 1.1 framework app and decrypt it in a 2.0 framework as long as you use the same encryption method. Keep in mind though, that even if it is encrypted that won't keep the querystring from being hijacked and used by someone else so you may want to do it using SSL and a post. You might also be interested in this: http://www.snowcovered.com/snowcovered2/Default.aspx?tabid=242&r=3f3f44b3d3&PackageID=7593

Tigris
Posts:25

08/24/2007 2:02 PM
Thanks for your reply. Could you explain on how I would use SSL and a post? I do have a SSL certificate on the server, and had thought about redirecting with 'https://myportal.org' but I didn't think that this would encrypt the URL. Frank

John Mitchell
Posts:3249

08/24/2007 2:13 PM
You would create the sending application with hidden text fields inside a < form > and then set the method ="POST" and the action="https://recievingapp" Then you would have a submit button on the form. If the sending application was also on a secure URL then you wouldn't even need to encrypt the password unless you were trying to hide the real password from the user that would be using it to get logged in to the other app.

Tigris
Posts:25

08/24/2007 2:35 PM
Ok, I get it now. Because the data would be IN the form, the data is encrypted when it is sent, and decrypted when received. I see this working when I redirect to my portal from a classic asp site, which I do need to do, but is this possible as well if user is being redirected from a client side Windows application?

Tigris
Posts:25

08/24/2007 3:02 PM
I think what I will do, is have the install executable for the Windows app add an asp file in its program directory, populate fields with a call to that LOCAL asp page, and then have it redirect to my portal. That way the call to the local file can't be intercepted, right?

John Mitchell
Posts:3249

08/24/2007 3:17 PM
That sounds like it would work. I've never tried to post to a web page from a winforms app though. You may be able to do it with the System.Net.HttpRequest class.

Tigris
Posts:25

08/24/2007 4:02 PM
The code below can be used to open the default browser and display an webpage. Anyway, thanks again for your thoughts. You definitley got me going in the correct direction. string target= "https://www.myportal.com";try { System.Diagnostics.Process.Start(target); } catch ( System.ComponentModel.Win32Exception noBrowser) { MessageBox.Show(noBrowser.Message); } { MessageBox.Show(other.Message); } if (noBrowser.ErrorCode==-2147467259)catch (System.Exception other)

John Mitchell
Posts:3249

08/24/2007 4:08 PM
Cool. Thanks for posting the code.

Please Register to post a reply.

Another benefit of registration is the ability to subscribe to and recieve notifications of new posts.