Solved

Opening URL and automatically login.  Pass username, password, and trigger login button.

Posted on 2006-11-06
7
383 Views
Last Modified: 2011-09-20
Is there a way to create a link on my website that would allow me to redirect a user to a different website and automatically login them in by sending the username and password needed and then triggering the login button for them?  Thanks!
0
Comment
Question by:Quetysis
7 Comments
 
LVL 19

Accepted Solution

by:
VoteyDisciple earned 125 total points
ID: 17882085
This depends entirely on how that site is structure.  If it's htaccess authentication then you can get away with just redirecting to:

https://username:password@www.example.com/


If the other website's login form uses the "get" method then you can just reconstruct the URL the same way their form does:

https://www.example.com/login?option=value&username=scott&password=tiger


If the otehr website's login form uses the "post" method (which of these three possibilities is most likely) then you have it a little worse off.  You could
1.  Create a similar "post" form on your own site (with the same action as the other site's form, of course) and just fill in the username and password in hidden fields
2.  Programatically issue a POST to the other server (harder, but definitely possible, especially with the help of some existing library code).
0
 
LVL 4

Expert Comment

by:noam_dz
ID: 17882165
You can use https://www.example.com/login?option=value&username=scott&password=tiger even if the form is orignaly in "post" it will recive "get" as well.
0
 
LVL 13

Assisted Solution

by:AngryBinary
AngryBinary earned 125 total points
ID: 17882168
You could create a form which stores the login and password as hidden values and posts these values to the login page on the other site. What is most important is how the site processes it's logins. Most likely, they have a page with a login form that posts back to a page that validates and performs the login. The latter page is the one you will have to post to, using the names of the form fields on the former page.

If the site uses file access security, which usually manifests as a modal window popup with textbox inputs for login and password, I believe some older browsers support the syntax http://username:password@somesite.com/securedcontent.html to auto-login, however in some newer browsers this capability has been disabled.

It should be noted that no matter what, the site that owns the login page will have the capability to prevent logins from coming elsewhere by checking the referer. Also, this kind of activity might not comply with their intended usage, so it may cause some annoyance on their end.

Cheers,
--Randall
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 19

Expert Comment

by:VoteyDisciple
ID: 17882241
noam_dz, that's not necessarily true.  Some sites are indeed poorly configured, and will treat "get" data the same as "post" data.  It's certainly worth trying  (if it works, hey, problem solved), but it's definitely not a guarantee.  A site designed with a little more attention to detail will consider only posted data for logging in.

In PHP, for example, the login page may look directly at $_POST, and not at $_REQUEST.  
0
 
LVL 18

Assisted Solution

by:Morcalavin
Morcalavin earned 125 total points
ID: 17882260
"You can use https://www.example.com/login?option=value&username=scott&password=tiger even if the form is orignaly in "post" it will recive "get" as well."

Not necessarily.  You can script explicitly to accept get, post, or both.  If the login script is designed to look at post data only, putting it in the querystring isn't going to do any good.
0
 

Author Comment

by:Quetysis
ID: 17882424
thanks everyone!  I'll give those a try and see what happens...
0
 
LVL 1

Assisted Solution

by:jacckk
jacckk earned 125 total points
ID: 17885578
If you want to generalize the action you need the form username field name, password field name, the username and password and the submit URL. You can write an asp/php page, that you pass these values to either by a post to that page or querystring and generate the form dynamically and at the end of the page write an submit acton using javascript.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now