Password Manager,Automatic Login Application to fill login forms , usernames and passwords

• Download AutomaticLogin.zip - 27.5 KB

Introduction

Every one of us have accounts in different web sites: Email, Banks, Forums, etc…

The most annoying part is the need to remember all the user names and passwords.

There are some commercial products that provide a way to save this login information and automatically fill the forms whenever a web site is navigated.

In this article I want to demonstrate how it is possible to create your own application that will do exactly this: Remember all the usernames and passwords for you and do a single sign on .

Base on what I show here, everyone with some .NET knowledge can build a simple WebBrowser dedicated to such sites.

you can download a more advanced Password Manager at www.logonce.com

How does the Automatic login work ?

All the logic is in the AutoLoginManager class.

All the information is in the LoginInfos class

Whenever a new web site is navigated a new AutoLoginManager class is constructed.

void webBrowser_DocumentCompleted(object sender, WebBrowserDocumentCompletedEventArgs e) 
{
    // create new AutoLoginManage 
    m_LoginManager = new AutoLoginManager(webBrowser, e.Url.Host, m_LoginInfos); 
}

On construction a password is searched in the document.

The way to find password is to look for input of type "password".

In most of the login forms there is a "Form" element that contain the login input elements.

The password is usually of type "password".

If the password in found the LoginInfos is checked to see if there is information for

The current url (i.e. mail.yahoo.com)

If there is such information it is embedded in the form

if (m_LoginInfos[url] != null) 
{ 
  //embed login info in page 
  m_Psw = GetPassword();
  EmbedInfo();
}

private void EmbedInfo() 
{
  HtmlElement form = GetForm();
  foreach (HtmlElement elem in form.GetElementsByTagName("input")) 
  {
    string type = elem.GetAttribute("type").ToLower();
    // skip non input types 
    if (s_NonInputs.Contains(type)) continue; 
    // build the key of the element 
    string key = elem.GetAttribute("type") + elem.GetAttribute("id") + elem.GetAttribute("name"); 
    elem.SetAttribute("value", m_LoginInfos[m_Url].LoginInputs[key]); 
  }
  return;
}

When the user click on the "Record" button, the method RegisterInfoCollection() is called. It is responsible to see if this is login form and if so to register to the "Navigate" event of the browser.

Then on navigation the information is collected from the form and saved in the LoginInfos object.

private void browser_Navigating(object sender, WebBrowserNavigatingEventArgs e) 
{
   WebBrowser wb = (WebBrowser)sender;
   wb.Navigating -= browser_Navigating;
   // save the info LoginInfo 
   values = new LoginInfo(); 
   values.key = m_Url; 
   values.LoginInputs = new LoginInputs(); 
   m_Psw = GetPassword();
   if (m_Psw != null) 
   { 
    GetInputs(); 
   }
   // save the login values for the url 
   foreach (HtmlElement elem in m_Inputs) 
   {
     string val = elem.GetAttribute("value");
     string key = elem.GetAttribute("type") + elem.GetAttribute("id") + elem.GetAttribute("name"); 
     values.LoginInputs[key] = val; 
   }
   m_LoginInfos[m_Url] = values;
} 

Searching inside IFRAMES

Sometimes the login form is not in the main document, rather Nested inside an IFRAME.

There fore the GetPassword() method does recursive search in the IFRAMES until the the password (if it exeist) is found

private HtmlElement GetPassword() 
{
    HtmlElement password = GetPassword(m_Document);
    if (password == null) 
    {
      foreach (HtmlWindow frameWindow in m_Document.Window.Frames)
      {
        try
        {
          password = GetPassword(frameWindow.Document);
          if (password != null) return password; 
        }
        catch { }
      }
    }
    return password; 
}

/// look for password element in the document by searching 
/// input element of type "password" 
private HtmlElement GetPassword(HtmlDocument doc) 
{
  if (doc == null) return null;
  foreach (HtmlElement elem in doc.GetElementsByTagName("input")) 
  {
     string type = elem.GetAttribute("type");
     if (!string.IsNullOrEmpty(type) && type.ToLower() == "password") return elem;
  } 
  return null; // not found
} 

Loading And Saving The information.

The LoginInfos can be built out of xml and serialized to xml.

So on load the xml is read from a file

private void LoadLoginInformation() 
{
    string path = Path.GetDirectoryName(Application.ExecutablePath) + @"\info.txt";
    if (!File.Exists(path)) return;
    string loginInfo = File.ReadAllText(path);
    //TODO decrypt information 
    m_LoginInfos = new LoginInfos(loginInfo);
}

And when the application exit it is serialized to xml and Save to file

private void SaveLoginInformation() 
{
    string loginInfo = m_LoginInfos.ToXml();
    //TODO encript the information string 
    path = Path.GetDirectoryName(Application.ExecutablePath) + @"\info.txt";
    File.WriteAllText(path, loginInfo);
}

Note:

One should better encrypt the login info when saving it and decrypt it when loading.

This is currently out of the scope of the article .

A good reference for Encryption can be found in the article of Jeff Atwood

Using The Code

When your application loads get the information (if exist) and construct a global LoginInfos object.

In your WebBrowser ,register to the DocumentCompleted event and construct AutoLoginManger in the Handler

Add user interface to start "Recording" and call RegisterInfoCollection() in the event handler

On exit of application get the xml from the LoginInfos object and save it.