How To Connect To A Third Party Website In Classic Using Javascript For Password Encryption
Oct 13, 2010
I have to make changes to classic asp website where once a button is clicked it autologins to a third party website with a intermediate page that warns that you are logging in to a third party website.
The thirdparty is providing us with a username and password and gave us an examle javascript to encode the password to send to them. Now where do I store the userid and password. I cannot execute the javascript on the serverside. It has to go to the client. If the asp page which has the encryption javascript goes to the client side then the source can be viewed and the username and password is given out.
Is there a way that I can have hidden asp page whose only job is to encrypt the password and create a new url and auto redirect it to that new url.
So when the user clicks ok on the intermediate warning page I redirect it to this hidden asp page which does the encryption and a creates a url for get method and redirects to that page.
I am a novice as far as java script and classic asp is concerned.
View 1 Replies
Similar Messages:
Dec 25, 2013
I have a problem with changing the password from Microsoft Access Database. I get an Error "No data exists for the row/column". The password in the database is encrypted and when I change the password it should be decrypting the password and new password should be updated with encryption again. I have following Encryption and Decryption Function:
Code:
Imports System.Collections.Generic
Imports System.Linq
Imports System.Web
Imports System.Text
[code]....
View 3 Replies
Aug 2, 2010
I want to know how can I protect my password in login & register pages because I am not using .net's Login or CreateUserWizard controls.I want an encryption method for this process e.g. when storing password in the database form the register page and when comparing the password with stored password in database to varify a user in login page.
View 3 Replies
Dec 1, 2010
Just a quick question i've been asked to look at enhancing security but encrypting passwords we store in a db table, essentially the data thats linked to the user account isnt sensitive however its more to stop someone reading passwords out of the table directly etc
I've read multiple ways of implimenting hashing etc i've started using FormsAuthentication.HashPasswordForStoringInConfigFile
//create new salt and update the password
Hashtable newInfo = new Hashtable();
newInfo["salt"] = GenerateFriendlyPassword(5);
string tmppass = FormsAuthentication.HashPasswordForStoringInConfigFile(txtNewPass1.Text.ToString() + newInfo["salt"].ToString(), "SHA1");
newInfo["passwordHash"] = tmppass;
Generate friendly password returns a 5 char string based on a random position in a valid char array containing a - z and 0 - 9At present the functionality is at page level in the code behind, re this is the forms authentication HashPasswordForStoringInConfigFile function thread safe? Or do i need to look at implimenting this in a different wayCheers appreciate your response as im always jubious about multi threading etc,
View 1 Replies
Mar 8, 2011
Can anyone help with best practice for storage of database passwords/connectionstrings for ASP.NET applications? Most tutorials suggest storing the connection string (along with the password) in Web.config. I don't like this solution because the connectionstring is visible to anyone working on the application (although I appreciate it is secured from the consumer). You can use aspnet_regiis to encrypt sections of Web.config, but then surely anyone with access to the web server could easily decrypt it anyway. For an enterprise level application what should I be doing?I could store it in Web.config and encrypt with my own key, but then would that offer any advantage over aspnet_regiis, because the key would have to reside on the web server anyway?
View 1 Replies
Feb 8, 2011
i want to encrypt the password by using the encryption algorithm dll uploaded by the user. is it possible to do the action. how can i call the method used by the user to create the dll.
View 1 Replies
Oct 12, 2010
I am using a custom membership provider with a custom ValidateUser method. The ValidateUser sends and additional parameter to authenticate my users (Username, Password, and Dealer). I created a custom stored procedure for ValidateUser to call. I copied over all my users from another table and encrypted all the passwords in the aspnet_membership table using the code below. My question is, how do I take the password the user enters in the login form and validate that against what is in my aspnet_membership Here is the code I used to encrypt the passwords (not even sure this was the right way to encrypt. Please tell me if I did this wrong):
public static string EncodePasswordNow(string originalPassword)
{
Byte[] originalBytes;
[code]...
View 1 Replies
Feb 8, 2010
Before I continue I'm going to let everybody know that I am not trying to follow a traditional .Net Membership Provider. I'm attemping to write my own Membership Provider which does not extend the default .Net Membership Provider b/c I feel that in areas it can become extremely cumbersome. Please keep this in mind before responding. Also keep in mind that I am trying to learn from this experience, not find an easy solution for some client's application.I am writing a custom membership provider that has password formatting functionality similar to .Net's default membership provider. I'm looking for soe good/easy examples of ways to encrypt/decrypt or hash password values. I previously tried going the RSA route, but got stuck when I had to Import an RSAParameter and was unsure of how to generate a RSAParameter.
I would like to have both Hashing and Encryption available, but only need Encryption. I'm also looking for a very strong encryption. I'm storing the password format in an external .xml file (similar to how the web.config stores the password format for .Net's Membership Provider) which will become manageable from the administrative side of my webapplication.If anybody knows of any existing Encryption libraries that may provide assistance, please feel free to post links. I only ask that they be open source solutions so I can see how they went about doing this.
View 4 Replies
Jan 10, 2012
I am using this method to encrypt password.. When user enters special characters it gives an error.. Method below :
private string base64Decode(string sData) {
string result=null;
try
{
System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
System.Text.Decoder utf8Decode = encoder.GetDecoder();
[Code] ....
View 1 Replies
Jun 16, 2010
For our website, we have decided we would like to maintain our user passwords as encrypted binary data in our database. We are using ASP.NET 3.5 to host our site and SQL Server Express 2008 for the database, both running on the same server. When a user logs in and submits a username and password, there will need to be some sort of encryption or decryption in order to verify the credentials. To me, it would appear that there are 3 ways to do this:
1)[C# Encyrption] On User creation, perform encryption in the Web App and submit the encrypted password to the database. To verify credentials at Login, perform the same encryption on the submitted password and ensure that it matches the value stored in the database.
2)[SQL Encryption] On User creation, submit the plain-text password to the database and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, have the database perform decryption on the password during the SELECT statement, and compare the plain-text submitted password to the one in the database.
3)[Mix] On User creation, submit the plain-text password to the database, and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, perform the same encryption algorithm used by SQL on the submitted password ( is this possible? ), and ensure that it matches the value stored in the database.
Does anybody have an opinion as to which of these options is best? Number 1) is the most familiar to me, and would be the easiest to use with LINQ to SQL ( which is our current data model ), so I am leaning towards that. But if there are better options I would love to know about them.
View 3 Replies
Mar 31, 2010
Is it possible to log the user automatically into a third-party website if we have their details on record? For example, if I had a users facebook/hotmail username/password stored in my database, is it possible to use these details to log them into facebook/hotmail, then open up facebook/hotmail.com with them already logged in?
Basically my Client uses Basecamp for their customers and wants a way of automatically logging his customers into basecamp from their website without them having to go through the trouble of logging in again (after they've already logged in through my clients website).
View 5 Replies
Apr 5, 2013
I have subscription to a website where I can login and download files. These files are secured so I cannot download them with a direct link. Is there any way that I login programmatically and download files from http to my server without any user involvement? They do not offer any API or interface to communicate with.
View 2 Replies
Apr 5, 2010
I have a web site and i want any online users chat with any other user in private mode. it is like facebook chat. is there any free third-party component to use in asp.net web site.
View 1 Replies
Aug 26, 2010
if I complete a form, the data will be sent to the server as raw plain text which could be read by sniffers.
I want to encrypt form's data client-side (like username, password,...) and then send them to the server.
It seems that there are two ways:
1- Using SSL (in my scenarion, I can't use)
2- Using custom ActiveX control.
3- Using server side dynamic javascript encryption function.
View 2 Replies
Jun 18, 2010
In my website I m using third party cookies i.e. when i logged in then I m accepting cookies from third party through javascript.
Now all done well in firefox and other browser except IE. After doing some r & d i found that default settigs from IE doesn't allow accept third party cookies.So after settings "Allow All Cookies" problem is solved. But now my concern is that is there any way that end user do not have to settings manually in IE ?
View 1 Replies
Jan 25, 2011
We currently have two applications that will be using this. One is a web application, the other a desktop app. Both of these require users to login/authenticate, the same credentials can be used for either application.I want to build an automatic login mechanism that will fill in all the various login/order details and be able to call this from either app mentioned above. I've been thinking that the best way to do this is to pass this information encrypted through the URL. ie https://mysite.com/TakePayment.aspx?id=GT2jkjh3....
Since we don't want to integrate the payment processing too tightly into the desktop app to reduce our PCI scope, we decided to have it open the browser to a central, secured payment page through a simple shell execute with the full URL causing the default browser to open that page.Originally we were using AES for the encryption, but this is currently being re-examined as we would prefer not having to give out the key to the end user (AES is symmetric, symmetric encryption = both parties need the private key, why bother even encrypting then since we're going to be distributing the app?) So I'm looking at switching it over to use Public Key Encryption with the built in RSA routines within .NET
After coding up the RSA portion I noticed most examples on the net used 1024bits for the key-length, I went with this and now have our portal working with public key encryption, however the URLs generated are much much longer than when I was using AES so it made me start researching what the max limits for URLs are. http://www.boutell.com/newfaq/misc/urllength.html Says that IE is the limiting browser at about 2048 characters in the path portion. My initial tests with the RSA encryption show my urls will be around 1400 chars long.My questions boil down to this:1) Is there a better way for passing information from a desktop app to a website that I'm not thinking of? I'd prefer it be just as easy to use from another web page as it is from the desktop, hence my current solution.2) Is 1024 bit RSA keys necessary? Or overkill for something like this? A shorter key would mean shorter encrypted text right?3) Are there any other unforeseen problems with URLs in the 1200-1400 character range? Proxies? Firewalls? Web-Accelerators?
View 1 Replies
May 7, 2015
I was able to encrypt the password and save it in the database but I need to encrypt the password now when the users try to login. For example, user comes and types his/her username and password but the password is already encrypted in the database, how can I decrypt and authenticate the user?
protected void ValidateUser(object sender, EventArgs e)
{
int userId = 0;
string constr = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
using (SqlConnection con = new SqlConnection(constr))
{
using (SqlCommand cmd = new SqlCommand("Validate_User"))
[code].....
here is the decrypt function
private string Decrypt(string cipherText)
{
string EncryptionKey = "MAKV2SPBNI99212";
byte[] cipherBytes = Convert.FromBase64String(cipherText);
using (Aes encryptor = Aes.Create())
[Code]......
View 1 Replies
Feb 17, 2011
I have a need to display our application widget within a third-party website (think things like GetSatisfaction, UserVoice and other feedback widgets that people use). What is the safest and most reliable way to do this? I can think of some criteria and issues already: The code needs to be framework and language independent. Even though my app is ASP.NET, the 'launcher' will be run in any HTML page that belongs to our customers. So I suppose that limits me to HTML and Javascript only. The function needs to be very easy to call. So that implies a <script scr='mywebsite.com/widget.aspx' ...> as the sole thing to give to my customer. There is to be no use of CSS. Or rather, I can style things, but without a CSS file, as that could pull in styles that conflict with what my customer is running. There must be no use of libraries such as JQuery. I mention this because I can imagine problems if we pull in a JQuery version that differs from our customer's, thus ruining their site with our code.
View 1 Replies
Sep 16, 2010
Not sure if I'm posting the question in the right category.
1) I'm working in a project where encryption of data is high priority. Could some one suggest what would be the best encryption method to protect data from being cracked.
I'm using TCP/IP protocol.
2) Is HTTPS totally secured. If I'm using HTTPS, does that mean that there is no encryption of data required in the coding?
View 3 Replies
Oct 23, 2010
When you need to store sensitive data such as CCs or SSNs, do you:1) Build your own encryption routine within the application, define a secret key somewhere in a config file, and then manually encrypt/decrypt data going to the database.2) Push all the problem to the database, using the built in DB capabilities (I think most vendors call it Transparent Database Encryption).What trade-offs have you find for your solution? Does writing your own routine perform poorly when compared to TDE? Is code maintainability, or conversely DB vendor lock-in an issue?
View 3 Replies
Jun 28, 2013
I would like to connect to a password protected shared location that has an access database using an ASP page. I have the user name and password needed to connect to the shared location but I am not sure how to set up the connection string in order to get this done. The access database I would like to connect to does not need a username or password, only the shared location does.
View 1 Replies
Oct 19, 2010
I want to make a 2nd website and am using a copy of the site files from my 1st site built for me, I added them via FTP to the hosting company. I realise when I edit the new site via the CMS it is editing both sites plus when I try to change anything to the CSS file I get the following error -
C:inetpubvhosts*****mysite******httpdocsapp_themessiteStyleSheet.css
So my questions are what do I need to change to be able to deploy a new site with the files I have to make a new site?I also don't understand where the password is coming from, I can see the User ID comes from the database. in the Asp.net connection strings are the following:
site Data Source=sql7.hostinguk.net;Initial Catalog=***;User ID=***;Password=*** - Where is this password coming from?
membership Data Source=sql7.hostinguk.net;User ID=***;Password=***;persist security info=False;initial catalog=***;
View 2 Replies
Feb 11, 2010
I got 2 pages on my iis7. None of them got a domain addy yet. So I wonder how I could connect to them with the server ip somehow?
like if i got all in the files in wwwroot and I can access to the web site like this..[URL]
View 2 Replies
Mar 16, 2011
In IIS i have a website Web1 and Web2 .Web1 is working fine.in web 2 i tried redirect to URL option.but it is not working now my reqirement is
1.If i type www.web2.com then the web1.com should come and in the browser address should be web2.com
2.if i type www.web1.com ,then the address should be web2.com and web1 should come.
View 4 Replies
Feb 8, 2011
i have created a website and a project[containing form1]...in my website a page is der which shud call form1...but i dont know how to do it..is it possible.
View 4 Replies