Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 677
  • Last Modified:

Response.Write does not seem to "do anything"

Hi, Experts -
I'm trying to get my first ASP.NET program to behave properly - and have hit a wall. The program is supposed to act as our single sign-on gateway and needs to do 3 things:
1.  Prompt for valid login ID and password;
2.  Validate these values against the Active Directory;
3.  If valid, pass the authenticated login ID to a routine that will encrypt the ID and transfer control to an external site.
The program is stuck at #3.
Here is the default.aspx.cs code that is supposed to perform this transfer:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Text;

namespace SSO
{
    public partial class SSODefault : System.Web.UI.Page
    {
        public new bool Error { get; set; }
        public string ErrorDescription { get; set; }

        protected void Page_Load(object sender, EventArgs e)
        {
        }
        
        // 06-14-12 jtf After UserID is authenticated by AD, pass UserID value to CSOD code
        public void OnLoggedIn(object sender, EventArgs e) 
        {
            Response.Write(GenerateForm(LoginUser.UserName));
        }

        public string GenerateForm(string userId)
        {
            StringBuilder sbForm = new StringBuilder();
            //get base url and all other URLs
            string acct = ConfigurationManager.AppSettings.Get("acct");
            string ssoURL = ConfigurationManager.AppSettings.Get("baseURL");
            string ouId = ConfigurationManager.AppSettings.Get("ouId");
            string logoutURL = ConfigurationManager.AppSettings.Get("logoutURL");
            string timeoutURL = ConfigurationManager.AppSettings.Get("timeoutURL");
            string errorURL = ConfigurationManager.AppSettings.Get("errorURL");
            string destURL = ConfigurationManager.AppSettings.Get("destURL");

            //get the encrypted token
           
            string encryptedToken = WCyberu.GetSecurityToken(acct, userId, string.Empty, logoutURL, timeoutURL, errorURL, destURL);
            if (Error)
            {
                if (!string.IsNullOrEmpty(errorURL))
                {
                    sbForm.AppendLine("<html>").AppendFormat("<body onload=\"window.location.href='{0}';\">", errorURL);
                    sbForm.AppendLine("</body>").AppendLine("</html>");
                }
                else
                {
                    sbForm.AppendFormat("<html><body><p>{0}</p></body></html>", ErrorDescription);
                }
            }
            else
            {
                sbForm.AppendLine("<html>").AppendLine("<body onload=\"document.forms[0].submit();\">");
                sbForm.AppendFormat("<form method=\"POST\" action=\"{0}\">", ssoURL).AppendLine();
                sbForm.AppendFormat("<input type=\"hidden\" name=\"key\" value=\"{0}\"/>", encryptedToken).AppendLine();
                sbForm.AppendFormat("<input type=\"hidden\" name=\"ouid\" value=\"{0}\"/>", ouId);
                sbForm.AppendLine("</form>").AppendLine("</body>").AppendLine("</html>");
            }
            return sbForm.ToString();
            }
    }
}

Open in new window

In debug sessions, I'm able to see the sbForm html that is being returned (see image):sbForm value returnedBut the program seems to ignore the
Response.Write(GenerateForm(LoginUser.UserName));

Open in new window

and simply displays the authenticated login ID (which I added just to make sure the program was doing something).

Help!  I don't know what to do to get this program to work for me...  If I could offer more points, I would.  Thanks so much for any insights you can pass on to me.
0
OGSan
Asked:
OGSan
  • 5
  • 2
1 Solution
 
informaniacCommented:
Why not use Response.Redirect?

This code will write

<html>... ( the string generated by code)

inside the existing..

<html><form>...
0
 
OGSanAuthor Commented:
Thanks, informaniac - I just tried using Response.Redirect and got this error:
System.ArgumentException: Redirect URI cannot contain newline characters.
Line 22:         public void OnLoggedIn(object sender, EventArgs e)
Line 23:         {
Line 24:             Response.Redirect(GenerateForm(LoginUser.UserName));Line 25:         }
Line 26:
Darn - got me all excited...!  :-)
0
 
informaniacCommented:
Well. You need to pass URL of a page in Response.Redirect.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
OGSanAuthor Commented:
Oh - if this helps...here is what is being returned in the sbForms:
{<html>
<body onload="document.forms[0].submit();">
<form method="POST" action="https://COMPANYNM-pilot.csod.com/AESSSODefault.aspx">
<input type="hidden" name="key" value="3D6C0815C1023714771C70331E25B4382D2B2DD732E7594A5D33EEADAE09AA69FFD5409B8EEE4A7262A5EB072B402E821BE6267823DD9AB8B2A7575A03D91F31F249494BD003BDABF18FEBBE311F22A510CF3CA60DFAE981566E0741E2A6C8AC99B822BCE8F0A323F4FF8E70A862B589715D7F7F42AC083969F3560525E602074E0774D95D6B32EB0580A5D14046B7252656EFD6BA0DBAA1BE4C84D38CDAD246455B5A633D2EBE023F7D0C0A616E6DBE9B92E283E9EBC805958280B00AF37349AE32C66F70B551B62348357219F5CA886C206566E410158019BC0A40D5AD1F146E64088B0A9C0FF1A1BEC6D2C17B08BF"/>
<input type="hidden" name="ouid" value="1"/></form>
</body>
</html>
}
Hope this helps.
0
 
OGSanAuthor Commented:
More info:  I just moved the Response.Write(GenerateForm(loginUser.UserName)); to the Page_Load section - and the login screen displays for a second, then the page on the external site is displayed.  Of course, a valid login ID is not being passed so it displays the default screen...but maybe this means that my OnLoggedIn event is the wrong place for this???

I chose to use OnLoggedIn event because that made available the Loginuser.UserName value that I needed to provide to the GenerateForm module.

Is there another/better way I should do this?
0
 
OGSanAuthor Commented:
AHA!  I figured out my problem:  I am using the OnLoggedIn event - and should have left the call in the OnPageLoad event with the code as its own separate site.  Then I should have created a separate page to capture, authenticate, and pass the authenticated value to the separate site.  Will be requesting deletion of this question.
Thanks for the help though!
0
 
OGSanAuthor Commented:
I am going to restructure the program and segregate the call in a separate site.  I'll create the default.aspx page to prompt for the login ID/Password and authenticate it against our AD, then pass the authenticated value to the separate site.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now