.NET Forum

**mb2000inc** · 11-06-2009, 01:07 PM

Essentially what is going to happen, is our company (X) will host a login page for a program hosted on two other companie's servers (Y & Z).

If your credentials match up to one (Y) then you will be directed to that site. If your credentials match up to the other (X) then you will be directed to that site. Both of which will be loging you in by the credentials posted in the login form.

I thought of two ways to do this:

1) via query string (not the best idea)
2) via check box that says you are logging in to company (X) or company (Y)... then redirecting you to the appropriate location and passing the information by something like This:

Code:

Request.ServerVariables("HTTP_REFERER")

Do you think either of these would work? If so, how would I go about getting that connection between the sites?

This one has me baffled.

**chrishirst** · 11-06-2009, 01:24 PM

It makes no difference what server technology you use, it is the HTT Procol that determines the how, and there is only two ways in HTTP of passing information between to disparate server entities.
Querystring (GET) and form data (POST).

**mb2000inc** · 01:49 PM

Yeah, I get that. But what I'm asking is setting it up so that I can actually pass that information in the back end.

Ok, this is a quick mockup - forgive my photoshop skills - of what I'm trying to accomplish. Based on the credentials and which check box you choose... if you choose one, then the form's action would be to post to www.siteX.com/securelogin if you chose the other check box, the forms action would be to post to www.siteY.com/securelogin Do you catch my drift on that?

I'm sorry if I can't explain it right... I have a tendency not to do very well with that... as you've probably read before. What I'd like to do is figure out how to create the function that will tell the page that the form's method/action would be POST and which site it goes to for the action....

what are your thoughts?

**mb2000inc** · 03:33 PM

Ok, so what about this....?
I go and POST the information but I want to re-write the form's action attribute... basically, I can tell the page that if a user logs in with their credentials, their directed to one site... if it returns invalid, then re-write the action that redirects the user to the other site....?

This would get rid of the check boxes and just handle everything behind the scenes...

Psuedo Code:

Code:

'first validate the form
IF the form validation is ok THEN
     form action = www.siteX.com/securelogin
     IF form action returns invalid login THEN
         form action = www.siteY.com/securelogin
     END IF
ELSE
      Use client script to popup a window that says that they are missing credentials
END IF

Do you think something like that would work?
Please let me know what you thoughts are....

**chrishirst** · 11-06-2009, 04:53 PM

Well your check boxes should be radio buttons.

Do I take that IF they have a company/merchant id they login to "premier" otherwise they login to "standard" ?

Or is there more to it?

**mb2000inc** · 11-12-2009, 01:32 PM

Actually, both sites require those credentials... it's a matter of which one accepts what credentials.... don't know if that makes any sense.

They nixed my idea for the checkboxes and want it all to happen behind the scenes.... So, if a user logs in... the backend will direct the user to one site, and if it returns an error or invalid login, then the backend will redirect the user with the appropriate credentials to the next site, thus logging them in to that site.

I originally started with an onpageload event that looked for an error code
"request.querystring"

If it's null, then nothing... let the user log in.

If there's an error, post the data to the next site with those credentials.

(I'll work on correcting type-os and the proper redirects after I get the initial functionality working.)

I started dabbling with it in C# and came up with a solution, if I can just get it to "POST"... stepping through the code, I noticed that it's just passing over the code that tells it to "POST".

I'm pulling my hair out over this.

**mb2000inc** · 01:42 PM

Here's the C# that I was playing with...

Code:

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text;
using System.Net;
using System.IO;
publicpartialclass_Default : System.Web.UI.Page
{
 
privatevoid OnPost1()
{
using (WebClient wc = newWebClient())
{
wc.Proxy = null;
System.Collections.Specialized.NameValueCollection data = new System.Collections.Specialized.NameValueCollection();
data.Add("CID", CID.Text);
data.Add("LoginID", LoginID.Text);
data.Add("LoginPasswd", LoginPasswd.Text);
//*******************************************************************************//
//what happens, is this part is completely ignored... the browser attempts to go // 
//to site and post the data - but does not actually do anything. //
//*******************************************************************************//
byte[] result = wc.UploadValues(http://www.siteX.com/login, "POST", data);
}
}
privatevoid OnPost2()
{
string strMerchID = Session["id"].ToString();
string strUserID = Session["log"].ToString();
string strPassword = Session["psw"].ToString();
using (WebClient wc = newWebClient())
{
wc.Proxy = null;
System.Collections.Specialized.NameValueCollection data = new System.Collections.Specialized.NameValueCollection();
data.Add("merchant_id", strMerchID);
data.Add("user_id", strUserID);
data.Add("password", strPassword);
byte[] result = wc.UploadValues(http://www.siteY.com/login, "POST", data);
}
}
protectedvoid Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
if (string.IsNullOrEmpty(Request.QueryString["err"]))
{
Div1.Visible = true;
Div2.Visible = false;
}
else
{
merchant_id.Text = (string)Session["id"];
user_id.Text = (string)Session["log"];
password.Text = (string)Session["psw"];
Div1.Visible = false;
Div2.Visible = true;
OnPost2();
}
}
}
protectedvoid Button1_Click(object sender, EventArgs e)
{
Session["id"] = CID.Text;
Session["log"] = LoginID.Text;
Session["psw"] = LoginPasswd.Text;
OnPost1();
}
}

Let me know your thoughts as soon as possible please...

<pointless-ness>I'm going to be completely bald by the weekend.... and my wife won't like that too much.... she likes my hair </pointless-ness>

**mb2000inc** · 11-13-2009, 09:18 AM

Ok, new thought.... Sorry for the many many posts...
I'm just trying to work these things out as I go.

What about this...

TWO FORMS (one set as visible="false")
TWO Submit Buttons (one in the invisible form)
When the user logs in with the credentials that returns an error, the page_load function makes the second form visible and turns the first form invisible.... then automatically clicks the second button.

I started playing with that... and I can't figure out how to make that button submit.

I know the basic functionality of automatically clicking a button:

Code:


Button1_Click(Nothing, Nothing)

But I need something to tell that button how to submit the form.

Any thoughts?

**mb2000inc** · 11-16-2009, 03:19 PM

Ok, so, what I'm doing is this...
on page load, the first thing that happens is I check for a querystring with an error code... if there isn't one present, then nothing... go about doing things normally with a button1_click event when the form is submitted... and storing the text box information in a cookie so that, when/if it returns an error code, the page load function is called...

Code:

ProtectedSub Button1_Click(ByVal sender AsObject, ByVal e As System.EventArgs) Handles Button1.Click
'declare variables
Dim strLID AsString = CID.Text
Dim strLOD AsString = LoginID.Text
Dim strPSW AsString = LoginPasswd.Text
'start a session and place a cookie on the user's machine!
Session("APLogin") = "login"
'create a cookie to place on the user's machine
Response.Cookies("APLogin")("LID") = strLID
Response.Cookies("APLogin")("LOD") = strLOD
Response.Cookies("APLogin")("PSW") = strPSW
Response.Cookies("APLogin").Expires = DateTime.Now.AddDays(1)
Dim UserCookie AsNew HttpCookie("Login")
UserCookie.Values("LID") = strLID
UserCookie.Values("LOD") = strLOD
UserCookie.Values("PSW") = strPSW
UserCookie.Expires = DateTime.Now.AddDays(1)
Response.Cookies.Add(UserCookie)
Dim strScript AsString = "<script language=JavaScript>"
strScript += "document.form1.action ='http://www.siteX.com/login';"
strScript += "document.form1.submit();"
strScript += "</script>"
If (Not ClientScript.IsStartupScriptRegistered("ClientScript")) Then
ClientScript.RegisterClientScriptBlock(Me.GetType(), "ClientScript", strScript)
EndIf
EndSub

If there is an error code returned in the querystring, then we're loading javascript function (on the server side) that tells the browser to submit a second form.

Code:

ProtectedSub Page_Load(ByVal sender AsObject, ByVal e As System.EventArgs) HandlesMe.Load
IfNot Page.IsPostBack Then
'Dim strCode As String
IfString.IsNullOrEmpty(Request.QueryString("err")) Then

form1.Visible = True
form2.Visible = False
Else
form1.Visible = False
form2.Visible = True

'request the cookies stored on the users machine
IfNot Request.Cookies("APLogin") IsNothingThen
merchant_id.Text = Server.HtmlEncode(Request.Cookies("APLogin")("LID"))
user_id.Text = Server.HtmlEncode(Request.Cookies("APLogin")("LOD"))
password.Text = Server.HtmlEncode(Request.Cookies("APLogin")("PSW"))
EndIf
Dim strScript AsString = "<script language=JavaScript>"
strScript += "document.form2.action ='http://www.siteY.com/login';"
strScript += "document.form2.submit();"
strScript += "</script>"
If (Not ClientScript.IsStartupScriptRegistered("ClientScript")) Then
ClientScript.RegisterClientScriptBlock(Me.GetType(), "ClientScript", strScript)
EndIf
EndIf
EndIf
EndSub

Currently, the issue is that the button1 function fires twice (while stepping through the code) and the page_load event goes through a postback for some reason...

What are your thoughts?

Please, I need to get this to work soon... my bosses are really getting pissy.

**mb2000inc** · 11-17-2009, 09:17 AM

So, if anyone is watching... I have it working... to a point.

The problem that remains, is when it redirects to the second site... it doesn't pass the values of the second form (password).

I'm using this to populate the password with the value of the cookie:

Code:

IfNot Request.Cookies("APLogin") IsNothingThen
merchant_id.Text = Server.HtmlEncode(Request.Cookies("APLogin")("LID"))
user_id.Text = Server.HtmlEncode(Request.Cookies("APLogin")("LOD"))
'password.Text = Server.HtmlEncode(Request.Cookies("APLogin")("PSW"))
password.Attributes.Add("value", Server.HtmlEncode(Request.Cookies("APLogin")("PSW")))
EndIf

Any thoughts?

**mb2000inc** · 12-14-2009, 02:32 PM

ok, so I solved my own problem. I used two forms, one visible - one not...
On the first text box (on text changed) - I had it query a table. If it was in the table, keep the form visible and invoke a client script that tells the form what it's "action" is.

If it's not in the database, then make the second form visible.... and let the user continue. at that point, the form has it's own action and the values are passed.

So, it works... I solved it.

I'm so glad I asked for help.
</sarcasm>