Click here to Skip to main content
15,900,818 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
In our company we are using both windows application and web application. To login both application same username and password are using. So once I have logged in to windows form by using Username and password in the form I have a link to go to our web application it should be auto login to the website by using username and password used in windows application. How I can do this with security
Posted
Updated 19-Jul-22 20:06pm
Comments
senguptaamlan 27-Aug-10 3:48am    
please specify whether you are using Forms authentication or windows authentication.
Ankur\m/ 27-Aug-10 8:45am    
[moved from answer]:
SudhaRadha wrote: I am using Forms authentication

When you log onto your system from the windows application, you can generate a token (Say, A GUID), store it into the database along with the user ID, and keep it in a variable inside the windows application. You need to remove the token from the database user logs out. So, the token is valid as long as user is logged onto the system from the windows application.

Now, when you click the Web application's URL from the windows application, you send the token with the QueryString. Within the web application, you get the token from the QueryString and query the database to retrieve the associated user. Also, you invoke the method with the retrieved user's username and password that logs in a user into the web application.

Please note, there is a security issue with this approach. As long as the token is available in the database, if any one intercepts the Request and gets the Token and hits the web application's URL with that particular token, will be able to access the web application.

To prevent that, you just need to make sure that you are deleting the token from the database as soon as you get the Token in the Request URL, match with the existing Token in the database and log onto the web application. In that case, hacker won't be able to access the system with the Token that he/she just intercepted .

Good luck.
 
Share this answer
 
v3
Encrypt the Username and password

Send it through URL.

Retrieve the encrypted key and decrypt it in the web application.
(This is not secure though)

For this you need to know to encrypt and decrypt. Search Google for this.


Hope this may help u. :)
 
Share this answer
 
You can put the username and password on the URL and then remove it after the user is logged in. Passing in a username and password is not insecure. The most you might do is try to add some code so that a bot can't make requests repeatedly to guess a password.
 
Share this answer
 
I am looking for the same solution
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900