C# - Pass username/password from Windows Forms application to an ASP.NET web application


Here is the situation:

  • C# Windows Forms application
  • ASP.NET web application
  • Both authenticate against a custom user table in the same database (username/password) and create a user object that is used throughout both applications

A user is logged in to the Windows Forms application, and we want to launch a URL to open a page in the ASP.NET web application in the default browser (IE, Chrome, Firefox, etc.). We want to pass the current username/password from the Windows Forms application to the ASP.NET web application in order to keep the user from having to log in to the web application separately.

Based on our research, here are the options we have found (and their drawbacks):

  • Pass the username/password in URL querystrings and create the user object in the web application
    • Not secure (password visible in the URL)
  • Create a temporary HTML page on the client machine that includes a JavaScript onload function that posts the username/password to the target URL, and create the user object in the web application
    • (Could not find a way to post data directly to a URL and display the URL in the default browser using C#)
    • Not secure (password visible in the temporary page)
  • Create a "handoff" table to store the username/password with a key that gets passed to the page via querystring and is deleted from the table when the page loads, and create the user object in the web application
    • Small potential for the key to be intercepted (hackers)
  • Have a separate MongoDB that stores the user object, and retrieve it in the web application
    • Separate software (MongoDB) running - additional point of failure

All of this is so that the user doesn't have to type the username/password twice to log in to both applications.

Which one of the options above would work best (most secure, least overhead/maintenance)?

Or

Is there a way to create a forms authentication ticket (cookie?) in the C# application that can be used by the default browser?

Or

Is there a better, secure method of handling this?

(Edit)

Or

Is there an argument for requiring the user to enter the username/password again to access the web application if they're authenticated in the Windows Forms application? If so, can you provide links or references? Best practices, web security standards, etc.

You could salt+MD5 the password and send it in the URL.

However, you should point it to a script on the server first, which authenticates the user and creates the appropriate cookies, and then redirects to the desired page, without the credentials in the URL.

Edited: or whatever you want to use to preserve the users' session

Unfortunately, as long as passwords are involved, it can't be 100% secure. Still, hashing a salted (salting is when you concatenate the password with another string before hashing) password might be the best bet if can visual on passwords.

  1. You generate the password hash, with a salt.
  2. You send it to be processed (I put the URL of a separate script, but it's a matter of preference.)
  3. You generate the hash with the same salt on the server and check it against the submitted one.
  4. Authenticate the user and redirect to the original location.
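
The "handoff" table option from the question, sketched as an added example that is not part of the original post or the answer: a single-use, short-lived key that maps to the user name rather than the password, so no credential travels in the URL. It assumes .NET 6 or later; `HandoffStore`, `Demo`, the 30-second lifetime and the in-memory dictionary standing in for the database table are all hypothetical.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Added example: in-memory stand-in for the "handoff" table (a real one would be a DB table).
public sealed class HandoffStore
{
    private sealed record Entry(string UserName, DateTime ExpiresUtc);

    private readonly ConcurrentDictionary<string, Entry> _rows = new();
    private readonly TimeSpan _lifetime;

    public HandoffStore(TimeSpan lifetime) => _lifetime = lifetime;

    // Called by the Windows Forms side after login: returns the key to put in the querystring.
    public string Issue(string userName, DateTime nowUtc)
    {
        byte[] raw = RandomNumberGenerator.GetBytes(32);   // 256-bit unguessable key
        string key = Convert.ToHexString(raw);
        _rows[HashKey(key)] = new Entry(userName, nowUtc + _lifetime);
        return key;
    }

    // Called by the web application: removes the row on first use, then checks expiry.
    public string? Redeem(string key, DateTime nowUtc)
    {
        if (!_rows.TryRemove(HashKey(key), out Entry? entry)) return null; // unknown or already used
        return nowUtc <= entry.ExpiresUtc ? entry.UserName : null;          // null when expired
    }

    // Only a hash of the key is stored, so reading the table does not yield usable keys.
    private static string HashKey(string key) =>
        Convert.ToHexString(SHA256.HashData(Encoding.ASCII.GetBytes(key)));
}

public static class Demo
{
    public static void Main()
    {
        var store = new HandoffStore(TimeSpan.FromSeconds(30));
        DateTime t0 = DateTime.UtcNow;
        string key = store.Issue("alice", t0);   // constructed sample user
        Console.WriteLine(store.Redeem(key, t0.AddSeconds(5)) ?? "rejected");   // first use
        Console.WriteLine(store.Redeem(key, t0.AddSeconds(6)) ?? "rejected");   // replay of the same key
        string late = store.Issue("alice", t0);
        Console.WriteLine(store.Redeem(late, t0.AddSeconds(31)) ?? "rejected"); // past the lifetime
    }
}
```

The page that redeems the key would then create its session cookie and redirect to the target page, so the key does not stay in the address bar.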
