Login User With Cookie From Another Server
We have an intranet which is personalized using a cookie which we set. I have an outside vendor who is developing an application which will live on a seperate server. Is there a way they can read the cookie which we set to log user into their application so that we can make it a seamless transition?
View Complete Forum Thread with Replies
See Related Forum Messages: Follow the Links Below to View Complete Thread
Secure Cookie-based Login
I have researched several login scripts and I have a few questions that I haven't been able to find the answers for. First if of all, my goal is to create a cookie-based, non-SSL, login system. I have many, many users that are going to be logged in for extremely long periods of time, so I absolutely do not wish to use session variables under any circumstances. I've come across several great algorithms and one-way hash's that seem to work great for encoding the password. However, they all seem to have one thing in common. Once the user successfully "logs in", the site simply sets a cookie using the User ID of the login account. On all password protected pages, the only check that is made is the User ID stored in the cookie- compared to the value in the database. I'm curious if it is possible for a hacker to create a false cookie on their system, storing simply the UID. Is it possible to do this, or is there some kind of internal OS security that prevents such an action? In other words, if I go to a co-workers computer, review their temp files, find the cookie for the site they're logged into and take the UID... Could I recreate that cookie on my own computer at a later time and gain entry? This may not be so much of a security issue on a site that only stores a temporary cookie, but what if when they login, I set the cookie to expire after a year? (so they don't have to login every time they visit the site). I'm not saying this method isn't secure, I guess I'm looking for an explanation. Also, any ideas on where I can obtain more information about creating a login application that's not based on session variables?
Cookie And Db User Authentication
This is a question that has probably been answered before on the newsgroup but probably in fragments. This is what I would like to do, and I only have a very vague idea where to find the answer. Directions would be useful. 1. Users arrive at the site. If they are registered they log in. If not they sign up for registration. 2. The authentication information such as username and password are held in a db, for security reasons the password should not be passed in plain text. 3. When the user is logged in the session information should be held in a cookie so that if the user returns in a short period of time they will automatically be logged in. The cookie will also be used to personalise certain parts of the site.
Determine User's Cookie Acceptance
How do you determine whether a user allows cookies or not. Many people told me that it can be done by writing a cookie and then retrieve it to test this feature, but it simply doesn't work. What else can i do?
IE Does Not Set-Cookie With ASPSESSIONID When User Comes With JSESSIONID
I have code written in VBScript that accepts a POST submission from an external server to perform an auto-login to our website. I am experiencing an issue with Internet Explorer ONLY that I have determined using Fiddler. The problem is that when I POST to this page, I need to set a few session variables that are passed on to the following page after logging in. But using fiddler, I have realized that for some reason, in IE, the "Set-cookie" statement in the headers is never acted on by the server. On all following pages the "set-cookie" header is sent on every page, but the ASP SESSION header is never set that indicates the session was started. If I do the same test in Firefox, it works perfectly fine, no problem. So it seems IE is the issue. One other fairly important piece of the problem appears to be that the external server that is initiating the POST submission is running Java, so when the user is on the external server their browser is maintaing a JSESSIONID value. But when they submit the POST form over to our server, the Set-Cookie directive is trying to set an ASPSESSIONID, which is never accepted by the browser... So is it possible that for some reason IE is not able to handle a user coming from a JSESSIONID over to an ASPSESSIONID? I need to somehow work around this, or somehow force the ASPSESSIONID to kick in, because it is critical that I can set session variables for use on later pages.
How To Protect A File Upload Page With A Login Username Cookie?
I have downloaded a nice upload script from the internet, it works great, but I would like to have it protected,so that only the admin user can use this upload page, I'm getting the following error: Microsoft VBScript runtime error '800a01b6' Object doesn't support this property or method: 'Request.Session' If I change it in Request.Cookies, that won't work either.....
User Login
I have fields on a datebase called user_info with fields name, acctid, pw and blah blah blah. On the website I asked the visitors to input 0000 if they were not a client. I don't really understand how if...then, if...else works. How can I get it to validate the name, pw, acctid and if it equals 0000 to i guess (request.redirect "/client.bronzefactory/")? The next thing is... the client page, for them to sign up if they haven't yet. On the database their acctid is going to be listed but nothing else. I'm guessing I have to use the update syntax right? How would that work? I enter aa123456 and it does a = seach and redirect to a page where they fill it out and sumbits a update right? Is the statement something like this "UPDATE user_info SET name, pw= '" & name &'", '" & pw &'" where acctid= '?' <---how do i get the acctid there?
Login User
It's been a long time since I tried to solve this problem.I'm working for the INTRANET of my company, and I need to get the user login.I tried with Request.ServerVariables("LOGON_USER") or ("AUTH_USER"), but they don't work.The strange thing is that they work with Windows NT, but not with Windows 2000 Professional.
User Login With A Session
I am trying to create a user login page that once a user has been logged in there name will appear on all pages in the top right hand corner. This is what i have so far the user logins in through my user page and then this page loads up Code:
Direct User After LOGIN
I have a page that logs the user in (the code will be below). When they log in correctly, or even incorrectly, they get directed to default.asp. The login is working correctly however because when I log in with a false name and password I cannot proceed to checkout. How can i direct the user (ONCE they are signed in correctly) to a customer page(custpage.asp) instead of my homepage(default.asp)? Code:
User LogIn And Authentication
I know how to grab the users windows login. I would like to use this to establish permissions for a user on my site. In order for this to be valid, I need for the user to have to verify their network password. Is there any way to compare the password entered against the windows authentication? I would also like to be able to call the user by name instead of a login. Is there a way to get this from an Outlook address book or something?
Redirecting User After Login
i there i would like to ask how do i redirect the user to a page. Let's say i have an email sent to the user with a link and when the user clicks on it, the user will be brought to the loggin page and be directed viewAll.asp page. However, normaly hwne the user longs in the user will be brought to the view.asp page. Cos currently when the user logs in the user is brought to the view.asp page regardless of the link
User Login Feature
the database works is it checks over a database and verifies the username & pass with code. Then the user enters the site and there's a seperate table to keep a record of when users log in and log out. Well basically I'd like to know if and how I could apply a filter using asp code? I'd like to filter out everything but <%Session("name")%> (which displays their username) so that user logged in can view their own records.
Redirecting The User After Login
i have a log in page where the user has to log in to view any other files. when the user logs in i've set the default to view the view.asp page.however i realized that if the user was on the add.asp page and the seesion times out.. when the user relogs in again.. he would be brought to the view.asp page.
Block User From Login
i've developed a application in asp i want to restrict the user to login more than one at the same time i mean if user is already login then if he try to login on another window at the same time the message should b displayed u r already login.
Login Failed For User
The error i get is as follows: Microsoft OLE DB Provider for ODBC Drivers error '80040e4d' [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'webuser'. /dsn_inc1.asp, line 25
Login Failed For User
I get the following error when trying to connect to sql server: Microsoft OLE DB Provider for SQL Server (0x80004005) Login failed for user 'sa'. Reason: Not associated with a trusted SQL Server connection. I've changed the sql server security settings to mixed mode.(SQL Server and Windows), and restarted sql server but I still get the error.
User Login And Session Variable
i have created a script that queries a database for a username and password, and if they are valid sets a session variable to TRUE and redirects to another page. the table which contains the user information is called "Users" with the fields "UID", "PWD", "FIRSTNAME", "LASTNAME", and "EMAIL". my question is, how can i set a session variable to use the FIRSTNAME record for the particular user that logs on? my code is below. I've already got a session variable to display the UID record in the BookingSysV1UserName session variable.
Direct User To The URL They Requested After Login
I have an email containing link say (somelink.asp) A user clicks on this link (say from outlook). because this user is not logged into the site, the request goes to somelink/login.asp. The user then logs in. After successful login I would like to take this user to the link he clicked on originally. Is this possible without having to pass the lionk url as part of the query string?
Login Failed For User 'test'
I have a simple ASP code that i am trying to use in order to get records from a database in SQLserver 2000 and display it in html format. I named the file index.asp and placed it in the home directrory for IIS. When i type in http://localhost/index.asp, i get 500 errors. On viewing the IIS logs, i am noticing the following errors: 2005-10-31 20:05:16 W3SVC1 127.0.0.1 GET /index.asp |47|80040e4d|Login_failed_for_user_'test' After searching on the internet, I have already checked "SQL Server and Windows" authentication in SQL Server security. here is the code that i am using to connect to the database: Code:
Identify Login User Identity
I am doing a webpage which allows different users from various departments to do a search/print information of people within their own department. I have a login page for user to key in the correct password and id before they enter the system. However, in order for the restriction to take place, I will have to ensure that the system recognises the person that is logged into the system.
Information On User Login Programming
if anyone knew of a good book or website that explained in detail how to program a good username and password protection script for a website. It doesn't have to be anything great, just something that is a little secure and works.
User Login Logout Tracking
I am a system administrator whom has been charged with the logging of user activities on my network. I want to track when a user logs into a machine, logs out of a machine or locks a system. Is there an application out there that I can run on my server or a client based app that anyone knows of? Or do I have to make this from scratch?
Pass User Login For UNC Path
I am trying to write a script that will access files on another computer on the network but in a seperate domain. In order to access the files, I need to first authenticate to the other domain as a different user. When I access files on another domain via explorer, it prompts for a username/password. Is there some way I can pass this same information through scripting to access a computer in the other domain? I attempted to do this with impersonation, but if I understand correctly, in order to impersonate a user, the user must exist on the local computer running the script. The user that I would like to use exists only on the other domain. how this can be done?
Online Ordering (different Product For Each Login User)
I'm just wondering if there is ordering online software which has a feature to create a customised user environment (different product and prices for different user) for each login user? I really need that feature for one of my customer. If it is not available could you please suggest a product that has this feature?
ASP Application Online Ordering (different Product For Each Login User)
I'm just wondering if there is ordering online software which has a feature to create a customised user environment (different product and prices for different user) for each login user? I really need that feature for one of my customer. If it is not available could you please suggest a product that has this feature?
Pass Cookie From One Domain To Another On The Same Server
Is there an easier way to handle that? I used Javascript to handle this when our two domains are hosted on two different servers(on different networks) and our search engine marketing people don't like the javascript links since they think the links are not favorable to a search robot. Now our company is thinking about hosting these two domians on the same server, So I am wodering if there is any easy way to do that....
IE Not Sending Cookie Info To Server
I am developing an asp.net 2.0 application using visual studio 2005 on my computer and I am getting very inconsistent results when I test on my computer versus from other computers. The symptom of the problem is that the web server does not receive cookie information from the browser after I have properly logged in to the web server. Without this information, my session state keeps on getting lost and the authentication logic sends me back out to the login page. Using Fiddler, I have narrowed down the problem to what I think is the browser not always sending cookie information (containing the session and authentication ticket) to the web server. This is what I have tried: 1. If I run the browser on the same computer as the webserver, I see that the cookies are sporadically not being sent from the browser for the .aspx pages. 2. If I run the browser from a 2nd and 3rd computer and hit the web server on the first computer, I see that the cookies are always being sent for the ..aspx pages. 3. If on the webserver I force asp.net to assume cookieless clients, my browser on the same computer works fine since the "cookie" information is part of the URL. I haven't tried installing my dev environment on the 2nd or 3rd computers and try to see how the browser behaves when hitting the new webserver. I am trying to avoid that for now. But from my 1st computer, if I run the browser against a totally different web application I have seen the same behavior in my Fiddler logs. The browser sporadically does not send cookie information to the server. I suspect that it may be something specific to the IE browser on my computer. Maybe there is some security program or setting that is causing this issue on this computer and not others. Does anyone have any thoughts or ideas on what this problem could be? I want to find out the problem to make sure that when I deploy my web application, this issue does not resurface on my user's computers.
Server Times Out With ASPSESSIONID Cookie
I am using the XMLHTTP object to request a page from within another ASP page. For my scenario, the two pages should operate in the same session. However, when I request the second page, a new session is created. This makes sense since it is coming from a different client (the XMLHTTP object as opposed to my browser). I've tried to pass the ASPSESSIONID cookie along with the XMLHTTP post, but every time I pass the valid cookie, the XMLHTTP request times out. Has anyone experienced anything similar to this? Is what I am trying to accomplish even possible?
Login Script Based On Email, IP And Sql Server Backend
My questions concerns building a login system based on checking for the existence of the user's email address only.... 1. Is it ok for me to use IP address to allow user to bypass all login and registration systems if IP is present in database? I wish to save the user time....if the IP is not present I will present the LOGIN email screen.... 2. I am consideirng using Session variable on each page I wanted I protected...I think I know how to do this but I am not sure on whether I should be using the global.asa to handle loggin in or logging out or whether I should so all the code on the secure page itself. 3. I wish to use a sql server backend to house my tables: tblProspect, tblProspectPageSelections......is it okay to use the following branching code to switch between my test and production server with regards the physical database path as I have multiple sites on our remote server which need to feed off the same database....I am thinking about something like this: If InStr(Request.ServerVariables("SERVER_NAME"), "publicserver.com") > 0 Then ' Set Public Server Paths Else ' Set Private Server Paths End If Can this work?
Server->user Downloads
I have an VB ASP page that creates, using a linked database, ad-hoc queries. Like, the user selects what table to look into, what fields, any criterias (ex: PROVINCE="QC"), etc. That part is easy.The problem is, I would like the results to be outputted in MS EXCEL. Well, it's not my idea, but I have to do it. Any ideas how this can be done? My only idea would be that: 1) The ASP page writes to a file on the server and offer a link to the user to download that file. 2) User Downloads 3) We can't have these Excel files cluttering up the server, so the file would also have to be deleted automatically. Is this even remotely possible? I'm not too good with ASP, so is it even possible to write to file? Could I create a Workbook/worksheet object using VB ASP?Can I delete the file programatically
Add User TO Domian Server
Is it possbile can we add a new user to domin server thorugh ASP eg: i have domain server i want to add a new domain user . its in windows .. but i want to give a webpage to sysadmin they can enter only username and user id and some fields .. after that they give create that time in server i want to create a new user . with this all info .. isit possible though ASP ???
SQL Server And User Dates
I have to get data between two dates. That dates user has to provide and in a specific format like dd/mm/yyyy if SQL server date format is same then no problem but if SQL server format mm/dd/yyyy then I am getting error.
Code For Collecting User Ip Address/date Into SQL Server Database
I need code to capture a users ip address once they agree to a disclaimer (a form yes/no). If the user states no a message telling them they do not have access and a redirect back to the home page. I need to put the ip address along with the date a sql server database. I am lost as to how to code this and also how to set it up in my directories.
Select Query According To User Input For A WebPage In C#.Net With SQL Server 2000
How to select query according to User Input for a WebPage in C#.Net with SQL Server 2000.I am trying to build a web page in C#.NET with SQL Server 2000 using Visual Web Developer 2005. I want to select and execute the query according to user input. I have a form which has 2 textboxes which gets start date and end date from the user. Based on start/end date my 1st query runs. Now if user does not enter any start/end date I want to run another query which takes default dates from database(which is in varchar:ex. now()/now()-180) according to logged on user's permisstions. How to select query ?
Response.cookie In Session_onstart Event And IE 6.0 Cookie Acceptance
When I set a cookie in global.asa in the sub session_onstart, even if I have "privacy" in IE 6.X set to "block all cookies" the cookie is still set, and I can get it on other pages. I can't find an article that addresses this as a specific issue. Why does the browser get the cookie when it is set in the session_onstart event even when I have "block all cookies" set?
XMLHTTP Through Login But After Requesting Next Page - Kicks Back To Login
I am building a website to pull data from a remote https site using xmlhttp. The data from the https site is behind a login screen. I can successfully get through the login screen with: set objXMLHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP") objXMLHTTP.Open "POST", "https://website.com/validate-login2.asp", false objXMLHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded" objXMLHTTP.Send "Username=uname&password=pwd&company=O" That works great - but then, when I try to go to the next page (where the data is that I want to pull) - I use the same process and I get kicked back out to the login screen? Could there be some cookies, referer, strings being passed normally that I am not including in my second request - How do i find out for sure? I have used the software IETrace and it looks like some cookies being passed, but how do I know for sure if (and what exactly) it is using?
Session Cookie Vs. Regular Cookie
I want to know what's the differences between session cookie and regular cookie. In ASP, when we create cookie, we do the following to identify an user: Response.Cookies("name") = value Is this regular cookie? How about session cookie? and when to use which?
Login To Page Requires Login
I want to login to a page using MSXML2.ServerXMLHTTP.4.0 or an object like this, I must send the form variables needed to login when I try to login to the page. But the problem is, that the page looks like a exe file (not a asp file or php file or what ever). The name of the page I try to login is something like "/pw?/session/login", nothing more, without extension. I have tried the code with a normal asp file with session registration and login process and it worked, but not with this file.
ADSI - Trying To Enable A User - The User Add Works Very Well
I have written an ASP.NET 2.0 application that uses Active Directory or ADAM to manage account users - the site has a page that allows people to create an account (much like any site). The page populates the AD with all the information and the user account but I am unable to enable the account. Microsoft has information on how to do that here --> http://msdn.microsoft.com/library/d...ting_a_user.asp (the sample is for Visual Basic) - and I am unable to complete the bottom portion of the script. Can some one point me in the right direction - or can you tell me how I can add a snippet of VBscript code to an ASP.NET page. I am using the Active DS Type library - not sure why there are multiple ones (System.DirectoryServices) but it is rather confusing - I seem to accomplish one thing with one and another with the other (they did have trouble co-existing however). Anyway my script works very well but I am not able to access the properties required to enable the account. Here is a simple version (no error checking) of the code.....
Mail User Info To User
how to go about setting up an asp script or flash action script to take the input from a user of his/her username and password then send an email to the user with the information. I am able to do all of this but the problem is that the users pc is the one sending the email. I want the server to send the email instead.
How To Set Cookie To Nothing?
The problem is that the code for "change_school.asp" takes the user right to "portal.asp". I checked the code of "change_school.asp" and it does indeed set a cookie value for "school", but for some reason "default.asp" is still finding the old cookie stored and then redirecting...any ideas guys? 'code for change_school.asp...clears the cookie "school" and redirects to page (default.asp) where user can select a new school <% Response.Cookies("school")= "" Response.Redirect "default.asp" %> 'code for default.asp which allows user to select a new school, and if the cookie "school" has some value then they are redirected. <% If request.cookies("school") <> "" then Response.Redirect "portal.asp" end if %>
Cookie And SQL?
On this website i am building it has password protection on certain pages. So i have a "login" portion on the right side of the page, that is shown on every page. When someone logs in is it possible to change that little section to just say Welcome so and so? Instead of having the username and password form with submit button?? Or is this something that requires some java to hide it? Part II When someone logs in i want them to recieve a cookie, in that cookie i want it to contain the person's name (wich i want the to be put next to the "welcome back on part I), email address, and up to four other numerical values. (some people will have greater access to sections of the site depending on who they are) Is is possible to grab this information from the SQL database and put in the cookie? If so can anyone please show me, point me in right direction, ect?
Cookie Value
I'm using FrontPage Database results wizards to retrieve data from Access. I have a cookie containing a number I'd like to insert in a custom query. Whenever the page opens, I want the query to run using the value in the cookie. I haven't been able to figure out how to transfer the cookie value into something the FP webbot will accept in the query.
Cookie
What i am trying to do is this: I want to make a cookie. If someone comes back to a page (say after an hour after they left)i want them to get a specific popup. If someone comes back after than hour I want them to get a different popup, telling them something different.
Cookie Detection
I'm going to go down this route of Cookie detection <% If Request.Querystring("Check") = "" Then Session("cookietest") = "True" Response.Redirect("cookietest.asp?Check=True") Else If Session("cookietest") Then <!-- Execute code if enabled --> Else <!-- Execute code if disabled --> End If End If %> I’m a little worried, do you know how spiders work with regards to this sort of thing? My site gets some traffic due to it being spidered by the likes of google and I don’t want to loose that flow. If I use this at the entry point of my site to redirect browsers with cookies turned off to a page telling them to turn them on will that stop the spiders?
Cookie Availability
If my user turns cookies off, both permanent and temporary cookies can't be used or only permanent cookies can't be saved on the user's machine?
|
TRACKER
