How do I redirect url based on register client in c# .net or asp.net 4.0. For example if client registers as "client1" and our website is www.mycompany.com for every page client proceeds should get www.client1.mycompany.com.
More detailed example:
For example another client created is Client2. The pages i have created in general is like
"www.mycompany.com/product.aspx"
"www.mycompany.com/categories.aspx" should be shown as
"www.client2.mycompany.com/product.aspx" and
"www.client2.mycompany.com/categories.aspx" respectively
I have searched on web and found for static pages or using Gloabal.asax during startup of application but haven't found any thing after user logged in.
I have done something similar before in a few sites and there are a couple methods you could use. Assuming that you have a url setup so that all subdomains ( *.url.com) will send any user to your server and you have IIS setup to handle them all (i.e. no host header required, just IP) in the same site you can use one of the following methods:
After login simply send the user to that url. Since .Net won’t care the url the server knows how to render it, then it should be that simple. This assumes all your navigation uses relative paths and you must enable cookie sharing for that domain. This is required if the cookie for login was give on 1.url.com and you send them to 2.url.com You can share cookies in the same domain, requires a little work, but can be done.
Create a generic login page that does a web service request back to the server to see if the user can login. If he or she can have it send back to the browser a command, along with the correct url, that tell the clients browser to post directly to that sites login page (send username, password). This will login them into their site and assign the cookies correctly all from one simple login page. You could even make an external login page that only exists for this purpose. In the end all the generic page did was see if they could login and the sent their credentials to the correct page that did the login. I recommend this be done in a post with ssl for security reasons.
I hope that makes since.
There's a project called UrlRewritingNet which I use - it's pretty old but the source is available so you could recompile it for 4.0.
Link is at http://urlrewriting.net/149/en/home.html
Related
Ok so I think I've settled on choosing BLAZOR for my upcoming project. But first I need to do something that is seemingly very basic.
For context, Blazor Server side will be how I interface with my SQL Server dB, I want "individual accounts" mode to be the way users authenticate. I'm using net 6.0,almost all tutorials out there seem to be net 5 since they all still have startup.cs files. Ok, but I also am creating a parallel app that is NOT a website, but I want it to grab data from the same database via routes after authenticating.
For example, website.com/api/data?variablestograb as a GET would send me some json data.
OK that being said, how do I login programmatically from an outside app? If you must know, the outside app is part of Unity C#. But that doesn't matter so much, what itll do is use a post call to login in via the api routes. Something like
Website.com/api/login?un=blah&pw=haha
This will generate a cookie and I can grab it with the session data and I'll use this with every get call hence.
Just using the basic templates, Blazor server net 6.0 with individual auth, how do I set up such a route? Looking at the files, I'm at a complete loss on how the login pages are actually passing data around.
Thanks!
Update: the specific ask is exactly how do I modify the Blazor Server Net 6 Individual Accounts template to allow me to authenticate a user via an external access api? My thought would be to reference the route above for /login/ but that might not even be the best practice. But even if it is, how exactly and where would I update the template to make this happen?
(I have a feeling it's pretty basic to do, but I've been reading tutorials for weeks now and they're all just talking about internal authentication and verification within each Blazor component. I basically want an external program to also be able to "drive the car" remotely, but first it must authenticate.)
If you're building an API for this from scratch, then it seems like you have the right idea, no matter what happens, you're going to send the cookie to be website every request or at least a session id which contains all the information provided. From a database perspective maybe create a session table which then contains all the info you want and also can be easily found. That's a way for you to create a cookie for client server communication, however this is from my limited knowledge and may not be the best way.
I'd recommend hiding information like keys in the header to prevent exposure, looking at other APIs like the Spotify API you can see they set the authorisation bearer.
Exposing all the information for the credentials in the URL for what could be sensitive database behaviour may not be the best. You can hide the information in the header for every request you make.
Maybe have a default controller that obtains the user information before handling any specific requests and making it accessible to your other methods/requests?
The basic process for any external authentication is:
Redirect to the external log in page.
External Provider does it business.
External provider posts to a page on your site with the authentication information included - normally security info in the header or a cookie.
The Blazor app reads the authentication information with the AuthenticationStateProvider.
Normally you just need to write a customer AuthenticationStateProvider and code to redirect if the user is not authorized. This may be a manual button in the top bar, a you aren't logged in page with a button to log in, or an automatic redirect to the provider. The return for the provider is either your landing page or some other page to tell them they logged in successfully.
The custom AuthenticationStateProvider replaces the standard one in DI services and provides the security information to the Authorization components.
Search for "blazor custom authentication provider" will get you lots of good resources.
Let's say I have two websites that live on separate domains, and they have been authenticated with SSO login. I log into the first website and authenticate, and now I decide to visit the second website using a link visible in 1st website. This link redirect to the second website and no credentials needed. (Note that these websites are developed and hosted by some other company and I don't have access to the source code. I have one login credentials and I am expecting to access the page data of second website)
I want to access the websites using .net code. I have done some work and gone up to accessing the link of first website using HTTP requests and cookies which redirects to the second website. But soon after I clicked the link it open domain 2 in new browser tab and generates new session id as well. It doesn't have any connection with first website cookie. But I can access the data of website 2 when I pass the URL and current session id of website 2 manually.
Is there any security mechanism behind SSO login which can be break through to access the common session Id for both website 1 and website 2?How can I find the connection between two domains when they have two session Ids. I can't post the codes here as it have some privacy information of my client.
I solved the problem. There was SAML request and relay state which were sent to login server from both domains. Even though they are not identical, we have to consider them when access the form data. Also with cookies I had to send pls_login_cookietime specifically from the very first request to last request.
Ex:
var cookie =
new
{
pls_login_cookieTime = Cookietime.CookieValue("pls_login_cookieTime"),
pls_login_SimpleSAMLSessionID = HttpUtility.UrlEncode(login.CookieValue("pls_login_SimpleSAMLSessionID")),
TimeOutCheckID = login.CookieValue("TimeOutCheckID"),
pls_login_SimpleSAMLAuthToken = login.CookieValue("pls_login_SimpleSAMLAuthToken"),
pls_login_rememberme =login.CookieValue("pls_login_rememberme")
Here Cookietime and login are two different url accessing where CookieTime is the initial url and login includes the login server url. Even though login doesn't provide response cookie as pls_login_cookieTime, I had to pass it for final url as request headers.
They were very little confusions. If you use tools like fiddler to check http requests you can understand most of the part how they have manged cookies in multiple domains. Rest is in your hand. You have to think little bit hard and differently. But overall it is not difficult. It is just confused only.
I'm trying to implement Office 365 Single Sign On using WSFederation and I have built an ASP.NET MCV app according to these instructions.
It works to a degree; the user is directed to sign in to Azure AD and reaches the home page.
Some people who will use this app belong to companies who have their own custom Microsoft login pages- the user is redirected to these when they enter their email and press tab. If their login page is very customised, they then have to enter their email again. My question is this: is there a way to redirect the user to the custom login page automatically, since I already know which organisation they belong to?
I have tried changing the wsFederation homeRealm in the web.config to the organisation domain name, which ought to work but does not. It adds "&?whr=domain.org" (for example) to the end of the URL generated by the app. The reason it doesn't work is that when this URL is followed, Microsoft redirects the user to a slightly different address where they log in and the home realm (whr) parameter is lost.
Is there any way to automatically redirect to the organisation's login page? Or am I simply building the wrong type of app?
Thanks in advance,
LD.
Well, I seem to have answered my own question.
There are probably better ways, but this is what I did:
Using these instructions I created a sign in controller and passed the url of the actual login page (which is different from the url generated by the app) into the Redirect function. I added a whr parameter to this and everything redirects properly.
So I play an online game that's web based and I'd like to automate certain things with it using C#. Problem is that I can't simply use WebClient.DownloadData() because I need to be logged in to actually recieve the source. The other alternative was to use the built-in web browser control but that doesn't give me access to source code. Any suggestions?
I don't think NetworkCredentials will work in all cases. This only works with "Basic" or "Negotiate" authentication.
I've done this before with an internal website for some load testing, but sounds like you are trying to "game" the game. For that reason I won't go into details but the login to the site is probably being done in the form of an HTTP POST when you hit the login button.
You'd have to trap the POST request and replicate it in your code and make sure that your implementation maintains the session state as well, because if the game site is written well at all it will make sure that the current session has logged in before doing anything game related.
You can set the login credentials on the webclient using its Credentials property before calling DownloadData:
WebClient client = new WebClient();
client.Credentials = new NetworkCredential("username", "password");
EDIT: As mjmarsh points out, this will only work for sites that use a challenge-response method of authentication as part of a single request (I'm so used to dealing with this at work, I hadn't considered the other types!). If the site uses forms authentication (or indeed any other form of authentication), this method will not work as the authentication is not part of a single request - multiple requests are needed that you will need to handle yourself.
Network credentials will not work as mjmarsh has already pointed out.
While web scraping we come across lot of pages where login is needed. One of the approaches I use is install fiddler and monitor the POST and GET packets while manually logging in the site. This allows you to find out how the browser emulates the login. Then you need to recreate the same process by Code.
For example, most web servers use cookies to assume the session is authenticated. So you can use the credentials to post UserName and Password on the web site and record the Cookie. This cookie can then be used to access any further details on the web site.
Please check following link to check out more about Advanced Web Scraping:
http://krishnan.co.in/blog/post/Web-Scraping-Yahoo-Mail.aspx
In this blog, you will find how to authenticate into Yahoo account and then read the page after authentication.
I'm using WPF and C#.
I want to be able to launch a browser window, most likely IE, and provide known credentials so that the Windows-based application can handle the transition from itself to an outside browser without having the user enter his/her credentials again.
I do know how to launch the browser:
System.Diagnostics.Process.Start(url);
My main question is, how can I attach authentication to that? Perhaps by adding headers to it somehow?
Lastly, I don't really want to use the new WebBrowser control inside of WPF due to it's current problems with displaying with a transparent window.
1) You have to know how to "log in".
To do this login manually in the web application and trace the http traffic with http debugger like Fiddler. Pay attention what kind of http requests are sent, what names have the parameters, etc.
Once you know what sequence of http requests has to be send to log in you has to do this with the browser.
2) Implement log in automatically
2.1) If by any chance log in happens via http GET - just append the right query string to the url and start the browser. This could happen only if you control the web application and build in this mechanism, other wise log in is almost always implemented as POST with https.
2.2) If you have to do POST request you have several options:
2.2.1) You could provide local html document, that contains javascript and make ajax call to the login form from the javascript. To pass the parameters you could use get parameters.
2.2.2) If nothing else works you will have to use the browser via COM (WebBrowser control)
It's going to depend on how the web site handles user authentication. If you own the website, you can create a url that will log the user in with the information you provide.
Nick,
The authentication will be handled in different ways: -
Proxy Authentication is handled by Windows manually.
Forms Based authentication is handled by cookies, so the user needs to have the cookies present.
Windows NTML might be in the 'keychain' on the Operating system (Remember this password).
Cheers,
Phil.