In ASP.NET; How can I login from a remote HTML page into another ASPX page with ASP.NET Membership

https://stackoverflow.com/questions/8891386

29-10-2019
|

Question

I basically need to login into another domain that is using asp.net membership.

If we have an ASP.net web application using ASP.Net Membership on one hand, and an HTML page from another domain on the other hand.

Is it possible to login into the ASP.NET website via remote HTML page.

I've done this with Coldfusion before but ASP.NET membership is using a server control.

Cheers!

Solution

Underneath the Login Server Control, ASP.NET uses a MembershipProvider implementation and Forms Authentication to a user in with ASP.NET Membership. You can replicate these steps without using the Login Server Control, by manually validating the credentials and then attaching the FormsAuthentication cookie to the Response.

Here are some resources that should help you get started:

Understanding the Forms Authentication Ticket and Cookie - MSDN
Explained: Forms Authentication in ASP.NET 2.0 - MSDN
Examining ASP.NET's Membership, Roles, and Profile - 4guysfromrolla

You would also probably benefit from Reflecting on the source of the Login control, so you can gain an understanding the exact sequence of events that happens when a user logs in using the server control. This should make it easier for you to understand how to replicate that functionality for your particular use case.

As a side-note, I would recommend using a custom IHttpHandler implementation as an injection point for processing the login request, but there are many ways you can accomplish this task.

Update, I'm feeling generous, so

Below is an example handler that you could use to log a user in with ASP.NET Membership and FormsAuthentication (just like the server control).

This code assumes:

There is a mapping configured with either Routing or the web.config that will call this handler.

The requesting page has a form that points to the url/route that is mapped in the web.config or with routing, and that the form on that page contains a username input field with the name username and a password input field with the name password.

    public class LoginHandler : IHttpHandler
    {
        void IHttpHandler.ProcessRequest(HttpContext context)
        {
            string username = context.Request["username"];
            string password = context.Request["password"];
            if (!string.IsNullOrWhiteSpace(username) && !string.IsNullOrWhiteSpace(password) && Membership.Provider.ValidateUser(username, password))
            {
                FormsAuthentication.SetAuthCookie(username, true);
                RenderUserLoggedInResponse(context.Response,username);
            }
            else FormsAuthentication.RedirectToLoginPage("loginfailure=1");
        }
        private static void RenderUserLoggedInResponse(HttpResponse response, string username)
        {
            response.Write(string.Format("You have logged in successfully, {0}!", username));
            response.End();
        }

        bool IHttpHandler.IsReusable { get { return true; } }
    }

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow