login into external page

Question

1.00/5 (5 votes)

See more:

hi;
I want to login into an external page from my website while I use the username and password through my site...I want this code in C#.net and ASP.Net

Thanks a lot for help

Posted 15-Oct-12 7:08am

Robert Khaldar

Updated 15-Oct-12 7:50am

fjdiewornncalwe

v2

Add a Solution

Comments

I.explore.code 15-Oct-12 13:19pm

so basically you want us to write the code for you, right?

Robert Khaldar 18-Oct-12 6:56am

Yes , Thanks a lot

I.explore.code 18-Oct-12 7:57am

ok. you are welcome!

Sergey Alexandrovich Kryukov 18-Oct-12 14:20pm

Does not make sense anyway. OP needs an advice on security, that's it.
OP should not do it, by the reasons I tried to explain in my answer -- please see.
--SA

Sergey Alexandrovich Kryukov 15-Oct-12 13:22pm

Is that "external page" a login page?
--SA

Robert Khaldar 18-Oct-12 6:57am

Yes , The External page is a login page

Sergey Alexandrovich Kryukov 18-Oct-12 13:58pm

But then it has its own authentication you cannot change. You only can register on the site and use it. Do you mean that you simply want to use identical username/password for both sites? This won't not a safe practice (but your user can choose any, it's OK). Is it like eBay and its own but separate site PayPal? Pay attention: they require and enroll separately. This is safe; and that's why even safety-savvy developers can trust eBay. You should follow this practice, too.
--SA

ZurdoDev 15-Oct-12 14:36pm

So, you need to provide the information to the external page.

Sergey Alexandrovich Kryukov 18-Oct-12 14:20pm

I think the picture is already clear enough -- OP should not do it, by the reasons I tried to explain in my answer -- please see.
--SA

Robert Khaldar 19-Oct-12 4:24am

thanks a lot for your help.
I'll say my problem again.

I have a login page (A.com). suppose that I want to connect to yahoomail.com. but I want that I type the username and password (of yahoomail) in A.com contrlos...

thanks again for your help

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Answer 1 · 2012-10-18T08:18:00

Even though I don't 100% understand your intent and goals, please pay attention for my comment to the question, where I tell you that such practice won't be safe. I'll try to explain why.

Please follow my logic. If, as you say, the login page for an external site is also on this site, the enrollment procedure (when a user creates account, username and password and post relevant data to the site) is defined on that site, and you don't have a control over it. Now, please understand why this should always be done by a human operator, as well as all authentications. Of course, you can simulate user input on your site, assuming the user trusts it, using, say, .NET HttpWebRequest (which you can always do on server side, as you are using .NET). Don't do it for this purpose! Even if your user trusts your site on that, you will break this trust: the user should not trust you. I'll also explain why. Keep reading.

Let's assume the external site is safe. First of all, it means that the passwords are not stored anywhere, except user's brain. How can this be possible? One of the ways, the one which is most often used, is using the cryptographic hash function. The password is actually never needed for authentication. The user only types the password manually, and the hash of the password is compared with the hash of the password, stored on the site, when users creates their accounts. As hash is irreversible, it's infeasible to restore the password based on hash. Please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].

Now, I'm afraid you are going to store a real (non-hashed) password on your site, otherwise it would be quite difficult, if even possible, to authenticate on this external login page in simulated way. And storing of the original password is so unsafe, that you should just forget about cryptographic strength of your side! And, worse, by doing so you would also badly betray the users of the external site. Don't do it, ever.

Look again at my comment to your question. You should better follow the architecture of the collaboration between eBay and PayPal. The key reason for having separate sites is that people can use PayPay to do monetary transactions not related to eBay. Even though PayPal belongs to eBay, the sites are independent. eBay has unlimited access to PayPal pages, but the user has separate accounts on both sites, and always authenticate on both sites manually and separately, for a good reason. That's why people trust eBay and PayPal and should not trust your application, unless you follow my advice and do things safely.

Good luck,

—SA