Last post Oct 05, 2012 04:08 PM by PSP_152890
Oct 02, 2012 04:28 PM|PSP_152890|LINK
We have a requirement to launch a external web site from our Enterprise web application. The login credentials needs to be populated in the external site and data needs to be downloaded into our local machine.
External web site has security character so it require manual inputs.
We are planning to create small windows apps which loads the web site and populate the credentials. The windows apps placed in theserver and web site invoke the windows apps to load the page.
Is there any security issue when i invoke the win apps from my web site?
Any other approach to solve this issue.
Web Apps: .NET2.0
Oct 03, 2012 04:42 AM|chandruasp|LINK
To my knowledage, there wont be any security issue when you invoke win apps from your website provided the basic asp.net settings are configured (e.g impersonation) but interaction between win apps and ext-website should be issue until you handle its security
steps. definately firwall should be considered here and also performance??
I would recommend to check with vendor of ext-website, whether they have Web service for this purpose, if so then you can easily achive the same with minimal changes and more secured way.
I may understand your requirement clearly if you clarify me below points.
1. data download. Is it resource download or Data population like dataset, EF etc
2.crendential popultaion inside win apps, what is that and how?
3.Security character inputs. what is that and why?
4. What kind authentication is enabled in your app and ext-website?
Share your thoughts...
Oct 03, 2012 03:26 PM|PSP_152890|LINK
Thanks for the reply...
There is no service exposed from vendor.
We will upload list of customer details, vendor provide detailed transaction in a excel sheet.
Currently, manually agent login into the system and upload excel sheet with basic customer details, vendor site provide me another sheet with customer transaction. During upload, it ask for verification like printing the character. Like when you create a
google account, you will get the verification characters...
To automate this process, we just load the web site in win application and populate user name/pwd in the web page and agent manually enter the verification key and click login. The user name and pwd will not be shared to all the agent and it will be controlled
Vendor site is form authentication which may not be .NET site.
There is no communication required from web and win app but it will get initiated on click a button/link from web site.
Let me know if any better options to solve this problem.
Oct 04, 2012 04:49 AM|chandruasp|LINK
It appears me that you are going to hide the credentials from agent through win app that is an installable client software (or part of Enterprise app) that would request the web page (not an intranet app and no service exposesd) but anyway agent has to mannualy
feed the secuirty key to start upload, there is no need of state managment with respect to the user and transactions.
Why Win app is required here? Is it for generate login credentials? if that is the case then it is costly process, you should create a private web service and consume from ur web site for credentials generation so that it will hide the login details from
agent at the same time you will have more flexiblity to connect to ext-website from your web application.
Oct 05, 2012 04:08 PM|PSP_152890|LINK
To login into remote site, we just loaded external web site in another web page and post the user id and pwd using HttpWebRequest and HttpWebResponse object.
Reference url: http://forums.asp.net/p/1197857/2076276.aspx