Page 1 of 1

Automatic login with hidden login data

PostPosted: Fri Dec 12, 2008 10:10 am
by Rene Jungmann
Hello,

is it possible to call an automatic login with hidden login data or encrypted login data?
If you use firefox, the url including login data is saved in the history.

I need it espacially for starting an Dynamic AI session by a DataFlex program.



Regards


Rene Jungmann

PostPosted: Fri Dec 12, 2008 10:47 am
by admin
Hi Rene,

Yes you can!

Lets look at a simple direct call to a report:
(you can see these in the report documentation for each report you have)

Code: Select all
http://DynamicAIServer/aidemo/ai.asp?UID=administrator&PW=secret&DAI_R=1001


If you avoid the DAI_R parameter (which indicates the report ID) then you just perform a login.

I know you're with me this far.

You can put these parameters and filters in the url directly, or place them in a form on a web page such as:
Code: Select all
<HTML>
<BODY onload='BB.submit();'>
<FORM NAME=BB METHOD=POST ACTION="http://DynamicAIServer/aidemo/ai.asp">
<INPUT TYPE=HIDDEN NAME="UID" VALUE="administrator">
<INPUT TYPE=HIDDEN NAME="PW" VALUE="secret">
</FORM>
</BODY>
</HTML>


You can encrypt the data by using a SSL certificate on your dynamic server. Feel free to ask if you want information on that.

By the way, the enterprise edition can accept digitally signed "tickets" issued by other systems and entirely remove the need for passing login info in clear text.

Best regards

Bo

PostPosted: Fri Dec 12, 2008 2:03 pm
by Rene Jungmann
Hi Bo,

thank you for the reply, but this doesn't solve my problem because I don't have a link from another website but from a program. So I can't use the technique of hidden input fields. I want to start the site by using shellexecute or similiar commands.

Regards

René Jungmann

PostPosted: Fri Dec 12, 2008 2:17 pm
by admin
Hi René,

I see the problem, but I guess I dont have a perfect solution for you.

Can you describe more detailed what you'd like to do? Will all users log in with the same credentials? Are you running the dataflex program from the individual user's desktop?

Are you aware of the possibility of running dynamic in a browser object inside of VDF? That way, you won't see the calling url. I am no VDF expert, but I could put you in touch with someone that can help you get started.

Best regards

Bo

PostPosted: Mon Dec 15, 2008 3:45 pm
by Rene Jungmann
Hi Bo,

thanks. We decided to use an COM-Instance for using the IE inside of our program. So the problem with the credentials is solved for us.

Regards

René Jungmann

PostPosted: Mon Dec 29, 2008 5:31 pm
by Rene Jungmann
Hi Bo, Hi DAC

using the COM-Object of IE works, but now I have the problem, that the called URL incl. credentials is stored in the historie :-(.

Let me explain, what I want to do:

The users should be able to run DAI-Reports without the need of manual login. The credentials are stored in our database, for each user. An option is, that the admin can define a special user for login in DAI.
Nobody should be able to see the password, even the computer is unlocked. But it is possible, because the url is stored in the history.

Using a form with hidden inputs doesn't work, but I don't know why.

I think, there are two ways:
1. Using IUrlHistoryStg to delete the added url. But here I need the help of Data Access, because I can't find the COM-Class to import (it isn't included in shdocvw!)

2. I send post data when calling the url by the method NAVIGATE. But I couldn't find any working example in the internet. Maybe you know it!?


Best Regards,

Rene Jungmann