Pass argument to a web page
I want to pass username and password to a website login screen instead of the user entering the data. Can this be done?
ASKER
Not to a authentication , there is no authentication. It's a specific page within the company we want to pas a user/pass.
What I want to accomplish is that from the main site, the user clicks on an option then when clicked, the other page is presented with user/pass fields field (they only have to press enter key).
How can I do this?
What I want to accomplish is that from the main site, the user clicks on an option then when clicked, the other page is presented with user/pass fields field (they only have to press enter key).
How can I do this?
That is done with an HTML form on the originating page. Browsers will remember the data after the first time they use the form.
ASKER
Yes, true, browsers will remember the data after the first time the form it has been (but that's not what I want).
Here is an example I want to do:
Hope I cleared up what I want to do.
How can this be done?
Here is an example I want to do:
- User X never visited site A or site B.
- User X goes and visit site A.
- Within that site, the user clicks a links that will send him/her to site B
- Note: within site A code, prior executing to open site B, I want to include some code that when opening site B, it send the argument a specific username and a password to site B
- site B is opened and the page shows the username and have the password field filled
- User X just press ENTER key
Hope I cleared up what I want to do.
How can this be done?
To do that, you would need to have control of Site B OR Site B will offer some type of api. Another option is to have something like
Of course the drawback to this last option is you are giving everybody the username and password. The first two options I mention can be done on the back end with .NET, Java, PHP etc. where you do not have to show the username and password in public.
<form action="http://siteb.com" method="post">
<input type="hidden" name="username" value="hard-coded-username">
<input type="hidden" name="password" value="hard-coded-password">
<button type="submit">Submit</button>
</form>Of course the drawback to this last option is you are giving everybody the username and password. The first two options I mention can be done on the back end with .NET, Java, PHP etc. where you do not have to show the username and password in public.
There are a variety of ways to do this but none are that simple. Some code somewhere has to first identify the user and second put the appropriate data in the link. Third, the page on Site B must receive that data and put it in the proper place.
ASKER
So it’s possible.
Seems complicated. Can you give some some links or example to start checking it out how it work and try at our end.
FYI, both sites we have total access and can do whatever change we want.
Seems complicated. Can you give some some links or example to start checking it out how it work and try at our end.
FYI, both sites we have total access and can do whatever change we want.
It is a little complicated. The first question that must be answered is how are you going to identify the user on site A so you give them the correct login info?
ASKER
The username and password is fixed, always the same value (this is on purposes). When User X enter site A, there is no login, they are just browsing. However, when in site A the user clicks on the specific link, fixed constant values user/pass values will always be sent to site B.
based on the above, what is the best way to go about it?
based on the above, what is the best way to go about it?
Passing username and password from page to page on website is not good idea in production. You might want to check cookies or session to suit your need.
Research a bit about SSO (single sign on), which might be what you're looking for.
In essence, many sites utilize the same cookie system, so a login on one site works across many sites.
In essence, many sites utilize the same cookie system, so a login on one site works across many sites.
According to details you have provided.
User X never visited site A or site B.
User X goes and visit site A.
In Site A, Users clicks link (from Site A send username password) ---> Site B (show received username, password)
Is this correct?
User X never visited site A or site B.
User X goes and visit site A.
In Site A, Users clicks link (from Site A send username password) ---> Site B (show received username, password)
Is this correct?
ASKER
Yes, correct.
Note:
I understand it's not good idea in production but the sites are for us, no clients, no partners, etc., nobody else. The sites are not given out to random people or are printed in any publication for any references. The sites are going to known by specific users for specific tasks we are working on.
In essence whet I want to accomplish is that when a user click the link, the next site is open and in the fields user/password will display a specific username/password of our choosing.
Note:
I understand it's not good idea in production but the sites are for us, no clients, no partners, etc., nobody else. The sites are not given out to random people or are printed in any publication for any references. The sites are going to known by specific users for specific tasks we are working on.
In essence whet I want to accomplish is that when a user click the link, the next site is open and in the fields user/password will display a specific username/password of our choosing.
In that case you have to follow as Scott mentioned. Create a request link from Visted Site A to point to Site B.
Site B can be really Server Side Response.
Site B can be really Server Side Response.
Visited Site A ---request -------> [SERVER]
Site B response <----------/
I think sending username password to Site B is bit unnecessary if server already know who requested Site B and retain the authentications.
As you said authentication is not required but backend SERVER should verify username and password, isn't?
As you said authentication is not required but backend SERVER should verify username and password, isn't?
ASKER
The server does not know who is requesting site b.
No authentication.
The link is not obvious, only certain usted will know that the “word” is an actual link to the next site.
How can I do this?
No authentication.
The link is not obvious, only certain usted will know that the “word” is an actual link to the next site.
How can I do this?
The username and password is fixed, always the same value (this is on purposes). When User X enter site A, there is no login, they are just browsing. However, when in site A the user clicks on the specific link, fixed constant values user/pass values will always be sent to site B.
based on the above, what is the best way to go about it?
I have given you an option already, https://www.experts-exchange.com/questions/29138992/Pass-argument-to-a-web-page.html?anchorAnswerId=42818943#a42818943
<form action="http://siteb.com" method="post">
<input type="hidden" name="username" value="hard-coded-username">
<input type="hidden" name="password" value="hard-coded-password">
<button type="submit">Submit</button>
</form>While this will display only "submit" or whatever text you want, any user can still view code and that will reveal the password. While the typical user may not take the time to view the code, web crawlers only view code. This gives you what you want and is the best route based on what you describe. However, I think most of us will agree it is not a good work flow.
What would be a better work flow? We need more details. Do you have full control over Site A AND Site B? Or is site B something you have access to and want your visitors to use your log in credentials? If that is the case, does Site B have an api to perform this function or can you use a silent post to redirect them? You redirect your users to a blank page that only contains code, submits credentials and redirects to the new site. If that works it will depend on the Site B.
ASKER
Thank you. Sorry didn't see your previous entry.
also thank you for your observations. And yes, we full control over Site A AND Site B. Don't know about the API, will check.
also thank you for your observations. And yes, we full control over Site A AND Site B. Don't know about the API, will check.
Perfect! That opens up some good options. Are they on the same server?
ASKER
Yes
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you. Site B is a simple login, no security etc. (it’s on purpose).
What do you mean by login, no security?
You have some good options presented from easy to more complex to implement. The easiest is the option of posting directly to Site B with the username and password pre-populated on the form. Just remember that just because a field is hidden does not mean it is really hidden because it is not. If you use that solution it will eventually not matter that you have a log in on site B
What is it you are really trying to prevent from happening on site B?
You have some good options presented from easy to more complex to implement. The easiest is the option of posting directly to Site B with the username and password pre-populated on the form. Just remember that just because a field is hidden does not mean it is really hidden because it is not. If you use that solution it will eventually not matter that you have a log in on site B
What is it you are really trying to prevent from happening on site B?
ASKER
I really Appreciate you comment.
I just want to pass username and password values to site B and have the user press ENTER key. Both site are not with value data and with the help in this question I can try various options. I haven't closed the question because I want to try the recommendation (today I will).
Will keep u posted.
I just want to pass username and password values to site B and have the user press ENTER key. Both site are not with value data and with the help in this question I can try various options. I haven't closed the question because I want to try the recommendation (today I will).
Will keep u posted.
Thank you jana
ASKER
Hi scott, I think I gave you guys wrong line. I want to pass values (user/password) from Site A to Site B when in site A user clicks link to open site B.
The code samples above is for placing the values within Site B, not passing from Siat A to Site B, correct?
(please explain)
The code samples above is for placing the values within Site B, not passing from Siat A to Site B, correct?
(please explain)
ASKER
any comment?
Everything in this thread is for passing data from site A to Site B.
You have options such as passing data via a form (not a recommended or secure idea) to passing a token. Remember, you have control of the server for both sites and this gives you more options than if you didn't have control over both.
The next step is to try some of these options with simple test pages and let us know what errors you are running into or if any worked.
You have options such as passing data via a form (not a recommended or secure idea) to passing a token. Remember, you have control of the server for both sites and this gives you more options than if you didn't have control over both.
The next step is to try some of these options with simple test pages and let us know what errors you are running into or if any worked.
ASKER
Thank you all very much sorry for the delay been out sick all this time.
The problem with basic authentication + passing user/pass in URL as the ease at which this data could be scrapped off the wire.
Specific systems provide hooks for this, like WordPress using XMLRPC requests... or by using wp-cli...
You can also use a system like LastPass which might be able to automate this process, depending on exactly how the site in question uses HTML + Javascript to handle logins.