I need to open a asp.net web form from a classic asp page, and pass a
username and password to the asp.net page. The username and password exist
as session variables in the classic asp application.
I can't put the password in the classic asp page form as a hidden field and
submit it, because someone can view source and see the password.
This is a security problem I encounter in a mixed classic asp and asp.net
environment. I don't want to force the users to log in again when they
access the asp.net pages, but how can I transfer the login information from
classic asp to asp.net, without exposing the password? The client doesn't
want integrated security, which would fix everything.
Thanks
Bill 3 2148
Same q was posted by some one yesterday...
One way to handle this is by using a DB driven custom session management (to
keep user information). A single cookie will identify the user(and thus an
entry in DB) from both .NET and ASP pages.
Google for "Session sharing between asp and asp.net"
HTH
"bill" wrote: I need to open a asp.net web form from a classic asp page, and pass a username and password to the asp.net page. The username and password exist as session variables in the classic asp application.
I can't put the password in the classic asp page form as a hidden field and submit it, because someone can view source and see the password.
This is a security problem I encounter in a mixed classic asp and asp.net environment. I don't want to force the users to log in again when they access the asp.net pages, but how can I transfer the login information from classic asp to asp.net, without exposing the password? The client doesn't want integrated security, which would fix everything.
Thanks Bill
Are both applications in the same domain? You could use a cookie to
represent an authenticated user. Both applications will interpret and
honor the cookie.
--
Scott http://www.OdeToCode.com/blogs/scott/
On Fri, 7 Oct 2005 11:24:27 -0400, "bill" <be****@datamti .com> wrote: I need to open a asp.net web form from a classic asp page, and pass a username and password to the asp.net page. The username and password exist as session variables in the classic asp application.
I can't put the password in the classic asp page form as a hidden field and submit it, because someone can view source and see the password.
This is a security problem I encounter in a mixed classic asp and asp.net environment. I don't want to force the users to log in again when they access the asp.net pages, but how can I transfer the login information from classic asp to asp.net, without exposing the password? The client doesn't want integrated security, which would fix everything.
Thanks Bill
bill wrote: I need to open a asp.net web form from a classic asp page, and pass a username and password to the asp.net page. The username and password exist as session variables in the classic asp application.
I can't put the password in the classic asp page form as a hidden field and submit it, because someone can view source and see the password.
This is a security problem I encounter in a mixed classic asp and asp.net environment. I don't want to force the users to log in again when they access the asp.net pages, but how can I transfer the login information from classic asp to asp.net, without exposing the password? The client doesn't want integrated security, which would fix everything.
Thanks Bill
Hi Bill,
My current version of this uses four pages, and still might flash the
password briefly in the status bar:
Home.htm (actually an ASP classic page) has the login form on it. It
submits to Services/Login.asp using POST.
Login.asp has a response.Redire ct to Services/Login.aspx, which pushes
the parameters into the query string (since I can't seem to POST
directly to Login.aspx.
Login.aspx performs the authentication. It then redirects to Home.htm
(passing parameters by query string to say why the login failed), or to
the Service homepage (if they logged in succesfully and they are only a
member of one service), or to Services/SelectService.a spx (if they are
authorised to use multiple services). Importantly, the user never
remains on this page (since in that case, the password would appear in
the address bar)
I know this probably doesn't directly help you, but hopefully provides
some food for thought?
Damien This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Phillip Armitage |
last post by:
I've spent the better part of two days checking out PHP, javascript and
numerous other language sites trying to find what I figure should be be an
easy web script page. Essentially what I want is a self calling script (ASP,
PHP, whatever) which will do the following:
Let's assume that my script is called FTP.ASP
1) Display an HTML login form prompting user to enter a user name and
password. Login button action (either at the button or...
|
by: GreggTB |
last post by:
I've got an page (LOGIN.ASPX) that receives the user's login
information. During the page load, it checks the credentials against a
database and, if validation is successful, creates an instance of an
object that stores the user's basic profile data (username, user type,
associated sales region, etc.).
I've been taking this user info and placing it in the Session object
like so...
Session = user;
|
by: aure_bobo |
last post by:
Hi all,
I'm currently developing a system with several webapps in ASP.NET/C#.
One of my website is used to login user : I will call this website
Webapp1.
Depending on the user attributes, I will send the user to an another
website (let's Webapp2 in my example), where I would like to login
automatically the user with the credentials entered in WebApp1.
|
by: aure_bobo |
last post by:
Hi all,
I'm currently developing a system with several webapps in ASP.NET/C#.
One of my website is used to login user : I will call this website
Webapp1.
Depending on the user attributes, I will send the user to an another
website (let's Webapp2 in my example), where I would like to login
automatically the user with the credentials entered in WebApp1.
|
by: EricRybarczyk |
last post by:
I am starting a rewrite of an existing Classic ASP web site in ASP.NET 2.0.
The existing ASP application has several types of users, each with a separate
login process (separate login page, separate DB tables, etc). For one of
these user types, the current application has an additional input field
required for login… they have a username, password, and another “location
code” field. Please don’t make me explain or justify this…...
| |
by: ldpfrog |
last post by:
This is my first tutorial, so if there are any mistakes please forgive me =).
This will show you a very simple way to read your Login information from an outside text file.
What you need:
1. Add a new "Login Dialog" form to your project.
2. Completely erase the code inside of it, but keep the interface.
3. Create a text file listing your usernames and passwords one line after the other.
Your text file should look like this (without...
|
by: klenwell |
last post by:
Another request for comments here.
I'd like to accomplish something like the scheme outlined at this page
here:
http://tinyurl.com/3dtcdr
In a nutshell, the form uses javascript to hash (md5) the password
field using a random one-time salt (nonce) -- generated by php and
pasted in the form -- that is then posted with the hashed password
|
by: satishknight |
last post by:
Hi,
Can some one tell me how to change the validation sequence for the code pasted below, actually what I want it when any one enters the wrong login information (already registered users) then it has to tell then them its wrong information but currently it takes then to a next page and then tells them its incorrect information. This is tedious as every time they enter wrong they will be redirected to a different page and then they have to...
|
by: daokfella |
last post by:
I have a Login.aspx page that takes care of all my login procedures
(validation, lockouts, password change requirements, password
retrieval, etc.) It works like a charm. However, now I'd like a "quick
login" control to appear in the banner at the top of my master page.
This control will just have a username and password textbox and login
button. I want to reuse all the same code. Plus, if the credentials
are incorrect, or additional...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| | |