I'm currently the webmaster of a travel agency site (call it http://www.myagencyweb.com) which uses aspx functionality.
This website has a page to review some promotions of the agency's partners (http://www.myagencyweb.com/partners.aspx)
The partners.aspx page has links to each partner's website, and each page uses different technology (asp, php, etc), but all of them need login data to access the promotions. Te login data is different for each partner's website, but I already have all
the logins I need.
The problem is that I've been asked to find a way to make our links on http://www.myagencyweb.com/partners.aspx to
autologin on the different partner's websites, so the user can browse them without "seemlessly" going out of our site
I've already tried writing the POST variables as shown in http://forums.asp.net/t/1364414.aspx/1?HttpWebRequest+and+HttpWebResponse+question but
I can only get the HTML of the partner's logged in page (when I'm lucky, when not I get a 500 server error). Anyway, I cannot interact with the page because the URL remains on the myagencyweb.com domain.
I guess there's a way to do this session transfer, like when we login to hotmail and then we go to the skydrive domain, and then we can go to the microsoft.com domain and it still recognizes our session... well, just guessing.
I'll make more research on this, but anyway, I hope you can help me.
I will not suggest to fill and submit a login form automatically with javascript; A website with that kind of behaviour will be blocked by some browser clients and even search engines.
So my advice is to hand shake with your partner sites. And create login session by having one time authentication token via request query.
e.g. http://www.yourpartnersite.com/?tokenkey=xxxxxxxxxx
Yes, I realized that since the moment I heard it... Felt like a spammer
I was just wondering if there was a way of making it without hijacking the form, because my intention is not to attack the site, I already have the login data and I just wanted to save the
exhausting work of entering the login data to the client... anyway... I guess that's what a spammer would say
I found only one of our partners to have their site prepared to receive login data by query string
_wakamohle
Member
6 Points
6 Posts
Page making autologin to another site
Jun 14, 2012 07:59 PM|LINK
Hello everyone!!
I'm currently the webmaster of a travel agency site (call it http://www.myagencyweb.com) which uses aspx functionality.
This website has a page to review some promotions of the agency's partners (http://www.myagencyweb.com/partners.aspx)
The partners.aspx page has links to each partner's website, and each page uses different technology (asp, php, etc), but all of them need login data to access the promotions. Te login data is different for each partner's website, but I already have all the logins I need.
The problem is that I've been asked to find a way to make our links on http://www.myagencyweb.com/partners.aspx to autologin on the different partner's websites, so the user can browse them without "seemlessly" going out of our site
I've already tried writing the POST variables as shown in http://forums.asp.net/t/1364414.aspx/1?HttpWebRequest+and+HttpWebResponse+question but I can only get the HTML of the partner's logged in page (when I'm lucky, when not I get a 500 server error). Anyway, I cannot interact with the page because the URL remains on the myagencyweb.com domain.
I guess there's a way to do this session transfer, like when we login to hotmail and then we go to the skydrive domain, and then we can go to the microsoft.com domain and it still recognizes our session... well, just guessing.
I'll make more research on this, but anyway, I hope you can help me.
Thanks in advance
request Auto-login
tinmgaye
Member
430 Points
80 Posts
Re: Page making autologin to another site
Jun 15, 2012 04:31 AM|LINK
Sounds like "form hijacking"
I will not suggest to fill and submit a login form automatically with javascript; A website with that kind of behaviour will be blocked by some browser clients and even search engines.
So my advice is to hand shake with your partner sites. And create login session by having one time authentication token via request query.
e.g. http://www.yourpartnersite.com/?tokenkey=xxxxxxxxxx
Hope this helps.
_wakamohle
Member
6 Points
6 Posts
Re: Page making autologin to another site
Jun 15, 2012 03:52 PM|LINK
Thank you tinmgaye,
Yes, I realized that since the moment I heard it... Felt like a spammer
I was just wondering if there was a way of making it without hijacking the form, because my intention is not to attack the site, I already have the login data and I just wanted to save the exhausting work of entering the login data to the client... anyway... I guess that's what a spammer would say
I found only one of our partners to have their site prepared to receive login data by query string
Nevermind... I hope not to lose my job for this