C# Forms authentication with form data - c#

I have two applications, say app A and app B. App A sends form data (using the POST method) to app B. B, however, is a web application and uses forms authentication. The post data is sent to a webpage (viewdocument.aspx) which is secured by forms authentication. But when the data is sent to viewdocument, the login page is displayed because the user isn't authenticated.
The point is, I want the post data to be read by viewdocument. How can I do this?

You can allow all users to access your viewdocument page (by setting authorization in your web.config), get the values of the post in your page load and then, manually do:
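    // Inside Page_Load, after reading the posted values
    if (!User.Identity.IsAuthenticated)
    {
        // RedirectToLoginPage does not end the request, so stop here explicitly
        FormsAuthentication.RedirectToLoginPage();
        return;
    }
    // Else continue with page display
This way, you will protect the display of your page but be able to send data to the page with any user.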
I hope it will help

If your web app is only for accepting data, use web services.

I think you want to consider separating out the two processes - accepting data from another web site, and displaying data to a user. This way you get nice separation of logic which can improve maintainability. And I'm not sure how you are going to go POSTing data from one website to another as POST should go back to the original webpage. I would do as @Kane suggested in his comment and use a service to accept the incoming data. This could be built to accept the current data, but would also be easily extensible if you ever need to receive data from other sites. Your page for displaying the data would then be a lot simpler and clearer for developers to work on.

Related

Automatic Login to MVC Web App from winform

I have an MVC web app with an API backend. I have an exe which polls the API every x minutes to retrieve some information. I have that portion working, however I want to extend this functionality a bit. I want the user to be able to click on the winform that pops up and then have the user automatically be directed to the website to a special page which shows details about the pop up (basically it's retrieving some info of an event)....I can do a simple Process.Start() to the website however the website needs authentication.
The web app has standard OWIN authentication...now my question is how I can automatically have some sort of authentication passed into this Process.Start() whereby I can automatically login.
It basically hits an "Account" controller....I was able to simulate what I wanted (automatic authentication) via Postman but it didn't work on the Winform app.
Is there any other way to do this?
I can post some code if needed.
When doing things like this in the past I have opted to generate a GUID and place it in my db, then use that GUID with whatever extra information it needs to authenticate my user. I don't know how this falls into your security requirements however.
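A sketch of the single-use ticket approach the answer above describes, as an added example that is not from the original post. It swaps the GUID for 32 bytes from a CSPRNG (GUIDs are built to be unique, not unpredictable), stores only a hash, and enforces expiry and one-time redemption; `LoginTicketStore`, the in-memory dictionary standing in for the database table, and the `user-42` id are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical store; the dictionary stands in for the database table.
public sealed class LoginTicketStore
{
    private sealed class Entry { public string UserId; public DateTime ExpiresUtc; }
    private readonly ConcurrentDictionary<string, Entry> _tickets =
        new ConcurrentDictionary<string, Entry>();
    private readonly TimeSpan _lifetime;
    public LoginTicketStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Only the SHA-256 of a ticket is stored, so a leaked table cannot be replayed.
    private static string Hash(string ticket)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.ASCII.GetBytes(ticket)));
    }

    // Called by the authenticated API that the desktop client already polls.
    public string Issue(string userId)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        // URL-safe form so the ticket can ride in the link given to Process.Start.
        string ticket = Convert.ToBase64String(bytes).TrimEnd('=')
            .Replace('+', '-').Replace('/', '_');
        _tickets[Hash(ticket)] =
            new Entry { UserId = userId, ExpiresUtc = DateTime.UtcNow + _lifetime };
        return ticket;
    }

    // Called by the landing page. TryRemove is atomic, so a ticket works once only.
    public string Redeem(string ticket)
    {
        Entry e;
        if (string.IsNullOrEmpty(ticket) || !_tickets.TryRemove(Hash(ticket), out e))
            return null;
        return e.ExpiresUtc >= DateTime.UtcNow ? e.UserId : null;
    }

    public static void Main()
    {
        var store = new LoginTicketStore(TimeSpan.FromSeconds(60));
        string t = store.Issue("user-42");                 // constructed sample user id
        Console.WriteLine(store.Redeem(t) ?? "rejected");  // first use yields the user id
        Console.WriteLine(store.Redeem(t) ?? "rejected");  // replay is rejected
    }
}
```

On successful redemption the web app would issue its normal authentication cookie and redirect to a URL without the ticket, so the ticket does not linger in browser history as a usable credential.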

REST session workflow for creating users

I am working on a C# WebApi/MVC project that has a rather large workflow process for creating a user and placing in their required information.
There are about 10 major steps involved, in which it could technically take a user hours to fill out.
The first step takes standard basic information such as username, password, email, name, address etc.
What I would like to do is after this first step is successful, send a rest call that will create the basic user in the user table, and then prepare a session for the further steps in which when any field is filled out in the next steps, it will automatically send an ajax call and update the field in the database.
While this all sounds easy and simple in theory with the use of sessions, which I could do in MVC, I want to do this in WebApi with REST in which REST is supposed to be STATELESS.
Has anyone come across similar issues, and if so what do they recommend as an approach? The options I can currently think of are:
- Ditch the REST for standard MVC for this process and leave WebAPI for only Reads instead of Writes as the only Write process is the initial creation of users/accounts.
- Using Authentication tokens? But can this handle this process successfully?
- Once the user is created, take the username/password for every REST call as the auth to the WebAPI? Store the User/Password in MVC session and directly call the API from MVC, mobile applications would just store the username/password in the application and call the WebAPI (I think this is the most appropriate)
Can anyone tell me if any of those options are the best practice, or does anyone have a better best practice/process for these things? I would prefer to write things once to cover Web and Mobile as much as possible rather than having to duplicate processes.
Thanks in advance!!!
I would consider modifying the regular WebAPI OWIN register flow.
Collect basic user info and post to Web API via Ajax. If it succeeds, send the OWIN token back to the caller in an HTTP header.
Proceed to extra steps for user info updates (via HTTP PUT for example) and put the token in the authenticate header. Mark the WebAPI update procedure with the Authorize attribute.
This blog post could help to setup WebAPI to issue and accept bearer tokens.

Send information to website server programmatically

I have very minimal experience with anything web related so apologies if this is a silly question.
I have a Wordpress site with a contact form which users can use to send me a message from the website. The user fills out the form, and it is converted into an email and sent to me.
I would like to have similar functionality from my c# desktop application.
In other words, I am looking for a way to either programmatically invoke the contact form on my website, or to send information to my website, which it will convert into an email and send it to me directly.
What general concepts should I be looking into?
The information typed into the web form is probably sent back to the web server using the HTTP POST method. Essentially the data entered into the web form is converted to name-value pairs and sent to the WordPress app. More information on HTTP POST here: HTTP POST (Wikipedia)
To do the same from a C# app, you need to format the data to POST in a similar way and then look at using the HttpWebRequest class. This Stack Overflow thread shows an example: HTTP request with POST. If you POST the information to the same URL the web page is using then the server should generate the email.
Just to note as well, if the WordPress app requires you to be logged in before submitting the information, then you'll need to include code to authenticate with the WordPress app within the C# app.
I hope this helps!

Send HTTP Post with default browser with C#

I am wondering if it is possible to send POST data with the default browser of a computer in C#.
Here is the situation. My client would like the ability to have their C# application open their browser and send client information to a webform. This webform would be behind a login screen. The assumption from the application side is that once the client data is sent to the login screen, the login screen would pass that information onto the webform to prepopulate it. This would be done over HTTPS and the client would like this to be done with a POST and not a GET as client information would be sent as plain text.
I have found some wonderful solutions that do POSTS and handle the requests. As an example
http://geekswithblogs.net/rakker/archive/2006/04/21/76044.aspx
So the TL;DR version of this would be
1) Open Browser
2) Open some URL with POST data
Thanks for your help,
Paul
I've handled a similar situation once by generating an HTML page on the fly with a form setup with hidden values for everything. There was a bit of JavaScript on the page so that when it loaded, it would submit the form, therefore posting the data as necessary.
I suspect this method would work for you.
1) Generate a dictionary of fields and values
2) Generate an HTML page with the JavaScript to automatically submit when page is loaded
3) Write page to a temp location on disk
4) Launch default browser with that page
Remember though that POST data is sent plaintext as well. POST is generally the way to go for more than a couple fields, as you can fit in more data (2048 byte limit on URLs) and that your user has a friendly URL to see in their browser.
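The four steps listed in the answer above, as an added example that is not from the original post: the point it adds is that every field name and value is HTML-encoded before it goes into the generated page, and that the target must be HTTPS. `AutoPostPage`, the field names and the `app.example.test` URL are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Text;

public static class AutoPostPage
{
    // Builds the self-submitting page. Values are HTML-encoded so client data
    // containing quotes or markup cannot break out of the attribute.
    public static string Build(Uri action, IDictionary<string, string> fields)
    {
        if (action.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Form target must be HTTPS.", "action");
        var sb = new StringBuilder();
        sb.Append("<!DOCTYPE html><html><body onload=\"document.forms[0].submit()\">");
        sb.AppendFormat("<form method=\"post\" action=\"{0}\">",
            WebUtility.HtmlEncode(action.AbsoluteUri));
        foreach (var f in fields)
            sb.AppendFormat("<input type=\"hidden\" name=\"{0}\" value=\"{1}\">",
                WebUtility.HtmlEncode(f.Key), WebUtility.HtmlEncode(f.Value));
        sb.Append("</form></body></html>");
        return sb.ToString();
    }

    // Writes the page under a random name in the user's temp directory and
    // opens it with the default browser.
    public static string Launch(string html)
    {
        string path = Path.Combine(Path.GetTempPath(),
            Path.GetRandomFileName() + ".html");
        File.WriteAllText(path, html, Encoding.UTF8);
        Process.Start(new ProcessStartInfo(path) { UseShellExecute = true });
        return path; // caller deletes this file once the form has posted
    }

    public static void Main()
    {
        // Constructed sample data; the URL is a placeholder, not a real endpoint.
        var fields = new Dictionary<string, string> {
            { "clientName", "O'Brien \"Acme\" <Ltd>" }, { "clientId", "1001" } };
        Console.WriteLine(Build(new Uri("https://app.example.test/intake"), fields));
        // In the application: string path = Launch(html); then File.Delete(path).
    }
}
```

The temp file holds the client data unencrypted on disk until it is deleted, so the caller should remove it as soon as the browser has submitted the form.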
Nothing is sent as plain text when you use SSL, it is encrypted. Unless you set what the default browser is (IE, Firefox, Chrome, etc), then you'll have to figure out what the default browser is and use its API to do this work (if it's possible).
What would probably be much faster and more efficient would be to open the default browser by invoking a URL with Start Process and pass the information on the query string (this is doing a GET instead of a POST, which I know isn't what you're asking for).
The response from the server could be a redirect, and the redirect could send down the filled-out form (storing the values in session or something similar).
That way the complexity is pushed to the website and not the windows application, which should be easier to update if something goes wrong.
HTH
Can you compile your logic in C# and then call it from PowerShell? From PowerShell you can very easily automate Internet Explorer. This is IE only but you might be able to also use WatiN.
Anything you put at the end of the URL counts as the querystring, which is what GET fills. It is more visible than the POSTed data in the body, but no more secure with regard to a sniffer.
So, in short, no.

Web Scraper via Web Service API?

How would I go about doing the following...
I want to build a web service for my application to grab a piece of data from an external website that requires the user to log in. The website has no public API, hence the reason for the scraper.
Is there a library to perform the following functions? or what do I do?
- Automate fill-in form, auto click
- Automate submit button
- Check which URL the user has landed on, and redirect user to URL
- Grab data from label.
EDIT: what I'm asking is, is there a web service, library etc. to make it easier to perform screen scraping/automation functions?
Instead of filling a form and virtually clicking buttons, you should look at the source of the form, and figure out how the data is being submitted. In most cases you can simply send a post request with the log in data. If there is something special besides a simple post request, I use this addon to figure out what requests are being done that you can't see. Using C#, I would use the HttpWebRequest class because it handles cookies for you.
If the website does not ban robots, you can use YQL to simulate everything you need. However, it can be a bit difficult or impossible as you basically have to implement a text-only browser within JS.
