I have a problem that I am trying to conceptualize whether possible or not. Nothing too fancy (i.e. remote login or anything etc.)
I have Website A and Website B.
On website A a user selects on a few links from website B, i would like to then remotely click on behalf of the user on the link (as Website B creates a cookie with the clicked information) so when the user gets redirected to Website B, the cookie (and the links) are pre-selected and the user does not need to click on them one by one.
Can this be done?
IF you want to interact to anorher webservice the resolution is send post/get request and parse response
Question is what is your goal?
Related
Consider the scenario where I have created a site in Django(website A) and another site in React(website B). I have a button on website A which redirects to website B. While redirecting I am setting up some headers which I want to retrieve from website B when it gets redirected. Is this situation plausible?
I am working on internal website, which is used only within the company. The requirement for one of its pages is to log-in to our vendor sites (which are all on different domains).
For this I open these vendor sites within an iframe of the internal website.
Say,
Internal site: us.com
Vendor sites: foo.com, bar.com
On us.com/openvendor , there are two options: foo and bar. When a user clicks on foo, the iframe within the page opens foo.com in signed in state.
To achieve this, I replicate the login form of foo.com and post all the required parameters like username, password etc. to foo.com's page. I have all the usernames and passwords of different vendors stored in database.
Why do I do this? Because we don't want the users of this site(mostly our CRM team) to know the passwords (lest they use it to do unwanted and untracked transactions) and the activities done through us.com is recorded and saved.
So essentially, we enable users to login to any vendor site, just by clicking on a link.
This was working perfectly fine until one day, when I had to add a new vendor site which doesn't post an html form for authentication. This site (say whattodo.com) makes an ajax call to a url with login credentials, which returns back an authentication cookie. This cookie is then set by the site to make the user logged in.
Now how can I make my end users login to whattodo.com on a click?
I cannot make the ajax call to whattodo.com
Even if I overcome the above problem by storing the auth cookie value in my database and updating it monthly(ya that's when the cookie expires), I cannot set this cookie under whattodo.com domain in the user's browsers.
Please suggest a possible solution.
And please feel free to edit the title. I'm sure there's a better one to summarize the question.
Got a very strange issue, never seen it before. Basically in the admin section of our website, a user attempts to edit something by clicking a button.
This button attempts to call a webservice (via jquery, which the page will then use to show an edit form in shadowbox).
However the user informs me that instead of the form popping up as usual it is blank for a few seconds. Then this pops up:
Any ideas? The webservice is in the admin section, which requires the user to be in a role (which the user is, otherwise they would never get to the point of being able to click the edit button).
This is normal if your web service is located on a different machine as your web server.
If the two machines are on the same domain, then the browser will attempt to use the default network credentials that has been cached.
This dialog will also pop up if the default credentials used to access the web server (which could be anonymous) does not have access to the resource (folder) where the web service is running. The pop up gives the user an opportunity to enter another set of credentials.
Basically there is a MOSS 2010 site, and it contains a list of all user IDs that have accepted some terms. Of course these terms must be presented, and they should try to impede site navigation without accepting them.
The trouble is that the page they will access is editable only in HTML, so I can use Javascript as the only scripting engine.
So there is Site1 - Sharepoint, Site2 - HTML page.
User visits Site2 for first time, gets terms.
The user clicks Accept, it is recorded in a Sharepoint list located at Site1, terms disappear and the user sees regular website Site2
Security is the last problem. So let's assume the user is already logged in to the Sharepoint site.
I've tried iframes, but security asks for same domain/port/protocol.
Use JSONP. Send whatever data you need to as arguments in a URL that is set as the src of <script> element. Have the requested page return whatever data you need as JavaScript. That script will be executed and can do something like call an onaccepted() function in your page.
user sees regular website Site2
I am confused with statement above. You have written that site2 is just an HTML page. If that is the case I will just assume that site 2 refers to an HTML page which must be presented to the first time user when he is visiting Site1.
You can achieve this with a simple code on the default page.
Set default.aspx as the default page of Site1.
When the user visits Site1, a small piece of code runs, may be as a webpart or a delegate, which checks if the incoming user is in the Accepted terms list. If yes, it does nothing, else it redirects to site2.html.
The site2.html is a regular html page with Accept or Reject button. Upon accept, you will have to utilize Jquery code to put the user into the list once he clicks accepts.
I am writing a website that is essentially a client-side web app, i.e. everything on the page is populate by scripts with data from ajax APIs. Users would be also signing in and signing out using a set of APIs.
My question is about how do deal with the following (but not quite extreme) use case:
User opens browser tab A and go to the website and logged in as user #1.
User opens browser tab B and also go to the website. Since there is a get_session API, the script restores the session on tab B.
User logged out from tab B while leaves tab A open.
User forgets about tab A for sometime, and go back and interactive with tab A.
Scripts in tab A attempts to fetch new data as user #1 but encounter error.
Ideally, there should be some way in step 3 that the tab A would also log itself out when user clicked logged out in tab B.
It's possible to log out tab A in step 5 (GMail do that), but I think there should be a better way. Even checking in step 5 would be non-trivial, cause for such design every API must know exactly which user's data the script is requesting, or the below use case would generate incorrect output.
(1-3) same as above.
User opens browser tab A and go to the website and logged in as user #1.
User opens browser tab B and also go to the website. Since there is a get_session API, the script restores the session on tab B.
User logged out from tab B while leaves tab A open.
User log in again from tab B but this time as user #2.
User goes back to tab A and interactive. While thinking the user is user #1, the script in Tab A request data from API.
API returns data that belongs to user #2. Boom.
Is there a common practice to prevent these kind of problem? Thanks.
Tim
The ajax response should indicate as an error condition that the user has logged out; on the client side, detect this error and perform the appropriate action. Obviously this only works when there is an ajax response, so you might want to implement some kind of 'hearbeat' mechanism, that is, the client sends a ping-like ajax message to the server every few seconds. When you log out, the server will respond to the heartbeat with a 'user logged out' error, and the client can go into 'not logged in' mode.
I don't think there is, because such communication between pages (tabs) would be a significant security weakness.
However, you could achieve the same effect by having each page (tab) polling the server to see if the session is still valid. Or use one of the event-handling techniques such as long-polling or streaming in an iframe.