How to pass username and password between sites?
-
Hi! I'm working in two sites! lets say that first is the public second the private one! in public site, we add a login form which redirects to the second site (in case the username and psw are correct). Now I want the user login in second site instead showing the login page (which are by default) My current problem is that sessions don't work between sites. And Query Strings are very unsecure in that way (any user writing the correct QS would login or psw would be seen in the url). How can I correct this little issue?? :confused:
-
Hi! I'm working in two sites! lets say that first is the public second the private one! in public site, we add a login form which redirects to the second site (in case the username and psw are correct). Now I want the user login in second site instead showing the login page (which are by default) My current problem is that sessions don't work between sites. And Query Strings are very unsecure in that way (any user writing the correct QS would login or psw would be seen in the url). How can I correct this little issue?? :confused:
If you encrypt your data before puttning it into the query string, i think this is the best way. you can encrypt using the following method:
public static string Encrypt(string originalString) { if (String.IsNullOrEmpty(originalString)) { throw new ArgumentNullException("The string which needs to be encrypted can not be null."); } DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider(); MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoProvider.CreateEncryptor(privateKey, privateKey), CryptoStreamMode.Write); StreamWriter writer = new StreamWriter(cryptoStream); writer.Write(originalString); writer.Flush(); cryptoStream.FlushFinalBlock(); writer.Flush(); return Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int)memoryStream.Length); }where privateKey is a byte[] of choice.
private static byte[] privateKey = ASCIIEncoding.ASCII.GetBytes("#privateKey#!!#");
or something like that.
Andreas Johansson
IT Professional at Office IT Partner i Norrbotten Sweden
What we don't know. We learn.
What you don't know. We teach -
If you encrypt your data before puttning it into the query string, i think this is the best way. you can encrypt using the following method:
public static string Encrypt(string originalString) { if (String.IsNullOrEmpty(originalString)) { throw new ArgumentNullException("The string which needs to be encrypted can not be null."); } DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider(); MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoProvider.CreateEncryptor(privateKey, privateKey), CryptoStreamMode.Write); StreamWriter writer = new StreamWriter(cryptoStream); writer.Write(originalString); writer.Flush(); cryptoStream.FlushFinalBlock(); writer.Flush(); return Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int)memoryStream.Length); }where privateKey is a byte[] of choice.
private static byte[] privateKey = ASCIIEncoding.ASCII.GetBytes("#privateKey#!!#");
or something like that.
Andreas Johansson
IT Professional at Office IT Partner i Norrbotten Sweden
What we don't know. We learn.
What you don't know. We teachHi! thanks for reply! Ok! that's a good alternative! I've read about it and it seems well! but I was wondering if there's a way to don't involve the url in the login process! Anyway it might be the best solution (if there isn't another better) Thanks Andreas X ;)
-
Hi! thanks for reply! Ok! that's a good alternative! I've read about it and it seems well! but I was wondering if there's a way to don't involve the url in the login process! Anyway it might be the best solution (if there isn't another better) Thanks Andreas X ;)
-
Hi! I'm working in two sites! lets say that first is the public second the private one! in public site, we add a login form which redirects to the second site (in case the username and psw are correct). Now I want the user login in second site instead showing the login page (which are by default) My current problem is that sessions don't work between sites. And Query Strings are very unsecure in that way (any user writing the correct QS would login or psw would be seen in the url). How can I correct this little issue?? :confused:
Ap per my knowledge query string is the best option to pass values to other sites/web pages. Hope this helps.
Hope this helps.