c# - Open webpage from within a desktop application with arguments as username and password


I have developed an ASP.NET web application that users can access and log in to by providing a username and password. I have to develop a Windows Forms application in which the user can log in using the same credentials as the web application. On clicking a button in the application, I want to open the browser, navigate the user to the web application, and automatically log in to the web application with the same credentials. The problem is how to pass the credentials to the web app?

I am using Process.Start("http://localhost:8080/myapplogin.aspx") to open the browser and load the login page. I can pass the credentials in the query string in an encrypted format, but it doesn't sound like a safe method of doing it. I want to pass the credentials to the webpage by a more secure method.

Any suggestions?

This question was incorrectly edited and lost meaningful information. I have re-edited the question below.

Edit

I have developed an ASP.NET web application that users can access and log in to by providing a username and password. I have to develop a Windows Forms application. The WinForms application contains the user's web app credentials in a file. There's a button in the WinForms app, and I want the user to log in to the web app with a click on the button, e.g. on clicking the button in the WinForms application, I want to open the browser, navigate the user to the web application, and automatically log in to the web application. The problem is how to pass the credentials to the web app?

I am using Process.Start("http://localhost:8080/myapplogin.aspx") to open the browser and load the login page. I can pass the credentials in the query string in an encrypted format, but it doesn't sound like a safe method of doing it. I want to pass the credentials to the webpage by a more secure method.

Any suggestions?

Note: my WinForms application can't access the web app database.

Solution 1: assuming you want to roll your own

OK, I am assuming here that both the WinForms application and the ASP.NET application have access to the same DB, as you mention you can log in to either.

So, that being the case, create a table authtokens with the following fields:

authtoken, username

Create a pre-shared key known to both the WinForms and the ASP.NET application.

In the WinForms app, authenticate the user as usual. Upon successful authentication:

  1. Encrypt the username with the shared key ==> userencrypted
  2. Create an MD5 hash of userencrypted ==> authtoken

Add a record to the authtokens table:

INSERT INTO authtokens (authtoken, username) VALUES (authtoken, userencrypted)

Then call POST "http://localhost:8080/autologin" with authtoken as part of the headers or body (your choice), and use the Post/Redirect/Get pattern to send the request to the WebForms application.

In the WebForms application, then:

  1. Retrieve the authtoken from the POST
  2. Find the authtoken in the authtokens table
  3. Decrypt the username field from the table using the shared key ==> unencryptedusername
  4. Use unencryptedusername to log the user in
  5. Upon success/failure, redirect to a page of your choice. Take into account the conditions - token not found, MD5 of decrypted user does not match authtoken, etc.

Notes:

  • Doing a POST means no query strings, and no passing stuff that is "easily visible". It is still visible by sniffing the traffic
  • At no point do you ever store anything unencrypted - ever
  • At no point do you ever send anything on the wire that is reversible - ever
  • You send an MD5 hash, which is not reversible
  • You still need the shared secret key (PSK), which is a pain. Store it in the DB if secure

Whatever you do, make sure you are careful when you implement it; these things are easy to get wrong.

Extensions:

  • You could look at public/private key encryption to avoid the PSK
  • Your communication should be HTTPS, not HTTP
  • You could be clever with expiry of auth tokens - one-time use, time expiry, etc.

Solution 2 - use OAuth, which is designed for the scenario you are describing.

Solution 2.1 - implement your own authentication service

For example https://github.com/identityserver/identityserver3; there are others.

Solution 3 - find a SaaS solution that does single sign-on and user management for you

Google is your friend here; I cannot recommend any without violating policies.
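
The one-time, time-limited token mentioned under the answer's extensions, as an added C# example that is not part of the original answer. It swaps in a random token, stored only as a SHA-256 hash, for solution 1's MD5-of-encrypted-username token, so a replayed or stale token is rejected. The class name, the in-memory dictionary standing in for the authtokens table, and the sample user are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
// Hypothetical stand-in for the authtokens table: maps a token hash to (username, expiry).
public sealed class AutoLoginTokenStore
{
    private sealed class Entry { public string Username; public DateTime ExpiresUtc; }
    private readonly ConcurrentDictionary<string, Entry> _rows = new ConcurrentDictionary<string, Entry>();
    private readonly TimeSpan _lifetime;
    public AutoLoginTokenStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Called after the desktop app has authenticated the user: returns the token to POST.
    public string Issue(string username)
    {
        var raw = new byte[32];                       // 256 bits from the OS CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = Convert.ToBase64String(raw);
        _rows[Hash(token)] = new Entry { Username = username, ExpiresUtc = DateTime.UtcNow + _lifetime };
        return token;
    }

    // Called by the /autologin handler: returns the username, or null if the token is
    // unknown, already used, or expired. TryRemove makes redemption atomic and one-time.
    public string Redeem(string token)
    {
        Entry e;
        if (token == null || !_rows.TryRemove(Hash(token), out e)) return null;
        return DateTime.UtcNow <= e.ExpiresUtc ? e.Username : null;
    }

    // Only the hash is stored, so a leaked table does not yield usable tokens.
    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new AutoLoginTokenStore(TimeSpan.FromSeconds(60));
        string token = store.Issue("alice");                      // constructed sample user
        Console.WriteLine(store.Redeem(token) ?? "(rejected)");   // first redemption
        Console.WriteLine(store.Redeem(token) ?? "(rejected)");   // replay of the same token
        Console.WriteLine(store.Redeem("bogus") ?? "(rejected)"); // token that was never issued
    }
}
```

The Base64 token contains `+`, `/` and `=`, so it has to be form- or URL-encoded when it is placed in the POST body.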

