javascript - Implementing automatic login to 3rd party website -


my node-based web service links external 3rd party site requires username/password have (but not same login ofr our webservice). provide seamless user experience, when user clicks link 3rd party site, automatically log them in username/password, , take them straight external page's dashboard.

at least, pre-populate 3rd party login form information, this post detailing similar situation doesn't make me optimistic.

i not believe 3rd party site supports oauth or existing sso protocols. cannot use iframe. 1 viable option seems using some kind of proxy, or using requests (or tokens?) 3rd party site.

knowing have no control on 3rd party login, high-level options how accomplish end goal? things need wary of when choosing solution?

the short answer cannot accomplish if foreign site uses csrf protection on form, or doesn't allow querystring parameters form inputs.

here's can try:

inspect source code of login page, , use html input name tag values in querystring redirect. if form has username , password input fields, you'd use 2 names.

now -- please keep in mind you're attempting not idea.

storing user's credentials website huge security risk, , not idea. if site / service doesn't offer sso / oauth, going problem in future.

among other things, here of bad things can happen:

  • someone gets hold of domain , captures requests username/password.
  • the user's computer has been hijacked or man-in-the-middled such when redirect user website, third party captures username/password info.
  • the website changes login form, , end sending credentials place on accident.
  • the website logs incoming requests, , has bunch of credentials stored in plain text on web servers (if these logs out, that's bad).

Comments

Post a Comment

Popular posts from this blog

toolbar - How to add link to user registration inside toobar in admin joomla 3 custom component -

im trying write component admin side , need add user creation. dont want duplicate existing codes add link. know how add task not simple link toolbar. thx help. if wanting button opens new user screen can try in component: $bar = jtoolbar::getinstance('toolbar'); $bar->appendbutton('link', 'users', 'new user','index.php?option=com_users&task=user.add'); you need add view.html.php file wherever you're creating toolbar. is need?
Read more

linux - disk space limitation when creating war file -

i have 1 gb disk space limitation hosting app , have used 700mb of it. however want create war file directory big (around 600mb) using command : jar -cvf root.war folderpath that's why encounter quota limitation , can't following. i'm looking way delete folder content when it's applying archive conserve disk space take note can't install zip tool in ssh shell ~ the code works on test directories, test first anyway, deletes files. it's not efficient. assumptions: 300mb free space, in destructively compress 600mb folderpath directory. none of files big -- if file in folderpath 300mb or larger, fail. notes: if ' $out ' file exists, nothing. first find pipes file list while , if ' $out ' doesn't exist in loop, create it, don't update -- if does exist, update it. each pass adds 1 more file, deletes unless file directory. after loop finishes delete empty directories too. unset u ; in=folderpath ; out=roo...
Read more

How to provide Authorization & Authentication using Asp.net, C#? -

Image
i have asp.net application in c#. i have provide page authorization specific user/usergroup. i have created 2 tables in database: 1) pagename 2)permissions[insert, update, view, delete] but i'm unable match tables , permissions assigning... can 1 please me, how created tables in database , how coding. please me. you can below explanation. configure access specific file , folder, set forms-based authentication. request page in application redirected logon.aspx automatically. in web.config file, type or paste following code. this code grants users access default1.aspx page , subdir1 folder . <configuration> <system.web> <authentication mode="forms" > <forms loginurl="login.aspx" name=".aspnetauth" protection="none" path="/" timeout="20" > </forms> </authentication> <!-- section denies access files in...
Read more