OGSan
asked on
Response.Write does not seem to "do anything"
Hi, Experts -
I'm trying to get my first ASP.NET program to behave properly - and have hit a wall. The program is supposed to act as our single sign-on gateway and needs to do 3 things:
1. Prompt for valid login ID and password;
2. Validate these values against the Active Directory;
3. If valid, pass the authenticated login ID to a routine that will encrypt the ID and transfer control to an external site.
The program is stuck at #3.
Here is the default.aspx.cs code that is supposed to perform this transfer:
Help! I don't know what to do to get this program to work for me... If I could offer more points, I would. Thanks so much for any insights you can pass on to me.
I'm trying to get my first ASP.NET program to behave properly - and have hit a wall. The program is supposed to act as our single sign-on gateway and needs to do 3 things:
1. Prompt for valid login ID and password;
2. Validate these values against the Active Directory;
3. If valid, pass the authenticated login ID to a routine that will encrypt the ID and transfer control to an external site.
The program is stuck at #3.
Here is the default.aspx.cs code that is supposed to perform this transfer:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Text;
namespace SSO
{
public partial class SSODefault : System.Web.UI.Page
{
public new bool Error { get; set; }
public string ErrorDescription { get; set; }
protected void Page_Load(object sender, EventArgs e)
{
}
// 06-14-12 jtf After UserID is authenticated by AD, pass UserID value to CSOD code
public void OnLoggedIn(object sender, EventArgs e)
{
Response.Write(GenerateForm(LoginUser.UserName));
}
public string GenerateForm(string userId)
{
StringBuilder sbForm = new StringBuilder();
//get base url and all other URLs
string acct = ConfigurationManager.AppSettings.Get("acct");
string ssoURL = ConfigurationManager.AppSettings.Get("baseURL");
string ouId = ConfigurationManager.AppSettings.Get("ouId");
string logoutURL = ConfigurationManager.AppSettings.Get("logoutURL");
string timeoutURL = ConfigurationManager.AppSettings.Get("timeoutURL");
string errorURL = ConfigurationManager.AppSettings.Get("errorURL");
string destURL = ConfigurationManager.AppSettings.Get("destURL");
//get the encrypted token
string encryptedToken = WCyberu.GetSecurityToken(acct, userId, string.Empty, logoutURL, timeoutURL, errorURL, destURL);
if (Error)
{
if (!string.IsNullOrEmpty(errorURL))
{
sbForm.AppendLine("<html>").AppendFormat("<body onload=\"window.location.href='{0}';\">", errorURL);
sbForm.AppendLine("</body>").AppendLine("</html>");
}
else
{
sbForm.AppendFormat("<html><body><p>{0}</p></body></html>", ErrorDescription);
}
}
else
{
sbForm.AppendLine("<html>").AppendLine("<body onload=\"document.forms[0].submit();\">");
sbForm.AppendFormat("<form method=\"POST\" action=\"{0}\">", ssoURL).AppendLine();
sbForm.AppendFormat("<input type=\"hidden\" name=\"key\" value=\"{0}\"/>", encryptedToken).AppendLine();
sbForm.AppendFormat("<input type=\"hidden\" name=\"ouid\" value=\"{0}\"/>", ouId);
sbForm.AppendLine("</form>").AppendLine("</body>").AppendLine("</html>");
}
return sbForm.ToString();
}
}
}
In debug sessions, I'm able to see the sbForm html that is being returned (see image):But the program seems to ignore the
Response.Write(GenerateForm(LoginUser.UserName));
and simply displays the authenticated login ID (which I added just to make sure the program was doing something).Help! I don't know what to do to get this program to work for me... If I could offer more points, I would. Thanks so much for any insights you can pass on to me.
ASKER
Thanks, informaniac - I just tried using Response.Redirect and got this error:
System.ArgumentException: Redirect URI cannot contain newline characters.
Line 22: public void OnLoggedIn(object sender, EventArgs e)
Line 23: {
Line 24: Response.Redirect(Generate Form(Login User.UserN ame));Line 25: }
Line 26:
Darn - got me all excited...! :-)
System.ArgumentException: Redirect URI cannot contain newline characters.
Line 22: public void OnLoggedIn(object sender, EventArgs e)
Line 23: {
Line 24: Response.Redirect(Generate
Line 26:
Darn - got me all excited...! :-)
Well. You need to pass URL of a page in Response.Redirect.
ASKER
Oh - if this helps...here is what is being returned in the sbForms:
{<html>
<body onload="document.forms[0]. submit();" >
<form method="POST" action="https://COMPANYNM-pilot.csod.com/AESSSODefault.aspx">
<input type="hidden" name="key" value="3D6C0815C1023714771 C70331E25B 4382D2B2DD 732E7594A5 D33EEADAE0 9AA69FFD54 09B8EEE4A7 262A5EB072 B402E821BE 6267823DD9 AB8B2A7575 A03D91F31F 249494BD00 3BDABF18FE BBE311F22A 510CF3CA60 DFAE981566 E0741E2A6C 8AC99B822B CE8F0A323F 4FF8E70A86 2B589715D7 F7F42AC083 969F356052 5E602074E0 774D95D6B3 2EB0580A5D 14046B7252 656EFD6BA0 DBAA1BE4C8 4D38CDAD24 6455B5A633 D2EBE023F7 D0C0A616E6 DBE9B92E28 3E9EBC8059 58280B00AF 37349AE32C 66F70B551B 6234835721 9F5CA886C2 06566E4101 58019BC0A4 0D5AD1F146 E64088B0A9 C0FF1A1BEC 6D2C17B08B F"/>
<input type="hidden" name="ouid" value="1"/></form>
</body>
</html>
}
Hope this helps.
{<html>
<body onload="document.forms[0].
<form method="POST" action="https://COMPANYNM-pilot.csod.com/AESSSODefault.aspx">
<input type="hidden" name="key" value="3D6C0815C1023714771
<input type="hidden" name="ouid" value="1"/></form>
</body>
</html>
}
Hope this helps.
ASKER
More info: I just moved the Response.Write(GenerateFor m(loginUse r.UserName )); to the Page_Load section - and the login screen displays for a second, then the page on the external site is displayed. Of course, a valid login ID is not being passed so it displays the default screen...but maybe this means that my OnLoggedIn event is the wrong place for this???
I chose to use OnLoggedIn event because that made available the Loginuser.UserName value that I needed to provide to the GenerateForm module.
Is there another/better way I should do this?
I chose to use OnLoggedIn event because that made available the Loginuser.UserName value that I needed to provide to the GenerateForm module.
Is there another/better way I should do this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am going to restructure the program and segregate the call in a separate site. I'll create the default.aspx page to prompt for the login ID/Password and authenticate it against our AD, then pass the authenticated value to the separate site.
This code will write
<html>... ( the string generated by code)
inside the existing..
<html><form>...