I didn't get the point? What is out of scope?
|
You can't write to arbitrary files on a user's system from a web page. At least, you're not supposed to be able to. That IE allows it when it thinks you're a trusted site is just one of the reasons why IE has had so many ugly security problems over the years.
If you're doing automated installation or something, then consider using a login script.
But who is the king of all of these folks?
|
I think I haven't clearly stated the problem here. I am doing an integration project of two applications. One is a web-based application, which supports only JavaScript as its internal scripting. The other is a custom C# application.
Here, when a user logs in to the web-based application, I need the user ID which he uses for his web-based application to be stored in a text file on the local system, so that when a particular event occurs the second C# application picks up the user ID of the web application and uses it for some other purpose.
|
You can't write to local files from a web page. End of story.
The C# app can, however, request and parse web pages. So, if you can make the user ID and whatever other information is necessary available via a known URL, your app can grab this. Better yet, just let the user log into the desktop app, or (since this is an intranet app), use Windows authentication and the user's network ID.
But who is the king of all of these folks?
|
Hi,
Got your point.... Can you please provide me with an example of how to pass information via a known URL? And how does my C# application know that a user is presently logged into the web application on the current m/c?
|
Please see the entire problem which I stated in my previous post as a reply.
|
I'll tell you how I'd do it. It's up to you to decide whether this method will work for you.
- Use the same authentication method for both the web app and the desktop app. If requiring the user to enter their authentication information twice sounds too onerous, consider using Windows Integrated Authentication - the desktop app can pick up the credentials automatically (as they're the same credentials used to log on to the machine), and both IE and Firefox can be configured to pass them on to the intranet server.
- On the server, record the IP address last to send a request from each user.
- When the desktop app wants to know if the user is logged in to the web app on the same machine, it can send a request to the server, which will compare the IP for that request with the last IP logged for that user - if they're the same, then it can affirm that they are on the same machine.
But who is the king of all of these folks?
|
Thanks for your quick replies... here is the reason why I can't do what you have suggested.
The web application is integrated with an LDAP which is UNIX based, and the user ID used to log in to the web application is not the same as the m/c credentials.
So I can't use the integrated authentication.
|
Judging by your other reply, that may be overkill anyway. If I'm understanding you correctly, the C# app doesn't really need to know the user's ID, it just needs to be able to open up pages without forcing the user to re-authenticate. Assuming you can use cookies to hold a session key, all you need is to design the web app such that any pages opened this way are able to pick up the previous session.
But who is the king of all of these folks?
|
Yeah, I have thought about using cookies, but the web application as such doesn't create any cookies, or the sessions are not based on cookies. So can I write a JavaScript function in the web application (which is supported by the web app) to create a cookie on the local m/c?
But how do I read these cookies using C#? These are some of the questions which stopped me from using a cookie-based approach.
|
zombie_storm wrote: So can I write a JavaScript function in the web application (which is supported by the web app) to create a cookie on the local m/c?
Yup.
zombie_storm wrote: But how do I read these cookies using C#?
Well, I'd encourage you not to bother. Ideally, the web app would just remember that the user was logged in. Do you not have enough control over the web app to modify it such that it can pick up a user's session without needing them to specify their ID every time?
|
Alas!!! That is the main issue because of which I am running around for help. I don't have control over the web app to pick up the user session without actually providing the user ID...
The only thing which I thought of a while ago is: can we write a listener type of program in JavaScript which will be embedded in the web application, so that whenever the web app is opened this listener function is listening... and when the required external event occurs, my C# will contact the listener JavaScript function to get the user ID...
It is a pretty abstract idea... but I wanted your opinion on the viability of this thought...
|
The simpler, the better. How about you just ask users to provide their user ID during a configuration step for the desktop app. Store it somewhere locally and be done with it - no dodgy scripting. If anyone complains, blame the authors of the web app.
|
Yeah that is the last resort which I have as of now. But just wanted to know if there can be any other work-arounds possible for my solution ...
|
If your code is for a LAN, can you use a file on one of your servers instead of on the user's machine? If it is a share that the machines you are running the second program from have access to, then it is almost the same as writing on the local machine.
A couple of years ago I did something similar where I updated an ini file on a share that was then read by a startup script on the user's machine.
Just an idea.
(And just a bit of advice. That word "Urgent!!!" in your subject header has probably put a number of people off of answering your question. All questions are urgent to the poster. They are not really urgent to the people answering).
|
Hi, I took your advice and modified the subject line. What you told me about keeping a file on the server and adding the user ID to it is a good idea, but I can't do it in my project. So is there an option of using JavaScript only and creating a text file on the client side?
|
As far as I am aware there is no way to write to a text file on the local computer using JavaScript. This would be a security problem.
I would try thinking along a different line to achieve your objective. I.E. use server side code to write to a ucl path on the local machine. For example (//localMachineName/c$/fileName.txt). You can use ldap to identify the user and the machine.
If you have to use JavaScript, then I can't help you (and I believe that there is no way to do it). Sorry.
|
I will state the entire problem statement again in a very detailed way...
1. There are two applications which I am trying to integrate: one is a web-based application and the other is a C#-based application.
2. The web-based application supports only JavaScript scripting.
3. The C#-based Windows application resides on the local m/c.
4. Whenever there is a particular event occurrence, the C# application has to open a particular page of the web-based application.
5. For this, if there is a user presently logged into the web-based application, then the C# application needs to know the user ID of that user. (USERID in the sense of the user ID he uses to log into the web application.)
6. Using this user ID, the C# application has to open a new web page on the local m/c; for this there are particular APIs in the web-based application.
So the main issue is that the C# application has to know the USERID of the currently logged-in user for that web-based application... I hope I made myself very clear now.
|
OK, a couple of questions.
How does the website store the userID?
How does the website know when someone is logged in? (what authentication model are you using?)
How does your website know when someone is not logged in? Have they just closed their browser without logging out? Does this action automatically log them out?
I am assuming from what you have said that you are not using windows accounts to authenticate the user, but are making them use a different set of Username and Password to authenticate against the website.
My first suggestion is that you use ldap to control access and authentication for both of your applications. In the long run it makes things very simple. You can provide or deny access just by adding or removing them from an active directory group. You can even have multiple levels of access.
If you are unable or unwilling to do that, you could tie the AD account of your users to their web membership data and then query this from your c# application. It depends on how you have your authentication code set up.
From your outline, I would abandon trying to get the website to write to the client machine and concentrate on getting your C# application to interact with your web membership data.
|
The web-based application is integrated with an LDAP which is Linux based.
Authentication is against... LDAP. This is taken care of by the application.
And if the user has not logged out properly, this is something we don't need to consider.
My C# application doesn't need any kind of authentication and doesn't need any login credentials by itself; it needs the user ID of the web app so that it can pop out a new web page of the same web app, so that the user doesn't need to give his login credentials for the web app.
|
If both applications are authenticated against ldap, then why can't you just pick up their userID from there? If they are different ldap's that should not be too much of a problem, you can script a custom field in your first ldap where you store the userID of the other one. (or even - if you must - have a database table where you store both and just run a quick query)
Just an idea.
|
The problem here is that the desktops or user m/cs are shared by different users, so there is no standard set of users who will be using this web app. It is very dynamic.
And the C# application is just a Windows-based application; it doesn't have any database. So it has to pick up the current user who is logged in to the web app dynamically at the point when it is invoked.
|
If I am reading you right,
The user logged onto the desktop is not necessarily the user who is logged onto the web app?
That sounds like a security nightmare to me!
As a first thought I would go back to a server based approach and when they authenticate to the web site, log their ldap user name and the computer name of their machine. Then when the C# app opens, find the computer name and get their ldap userID from there.
This is just first impressions, not sure what the loopholes in that may be.
Signing off now. - I Hope you get this sorted.
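
The server-side lookup suggested in the replies above (record who last authenticated from which machine, then let the desktop app ask), sketched as an added example that is not part of the thread or of either application. `PresenceRegistry`, its method names, the time-to-live and the sample addresses are assumptions.

```javascript
// Added illustration; PresenceRegistry and its methods are hypothetical names.
class PresenceRegistry {
  constructor(ttlMs) {
    this.ttlMs = ttlMs;
    this.byAddr = new Map(); // peer address -> Map(userId -> last-seen ms)
  }

  // Web app server side: call on every authenticated request.
  recordActivity(userId, peerAddr, now = Date.now()) {
    if (!this.byAddr.has(peerAddr)) this.byAddr.set(peerAddr, new Map());
    this.byAddr.get(peerAddr).set(userId, now);
  }

  // Call on logout so the next person at a shared workstation is not
  // mistaken for the previous one.
  recordLogout(userId, peerAddr) {
    const users = this.byAddr.get(peerAddr);
    if (users) users.delete(userId);
  }

  // Desktop app's query. peerAddr must be the address the server saw on the
  // connection itself, not a value taken from the request body or a header.
  whoIsAt(peerAddr, now = Date.now()) {
    const users = this.byAddr.get(peerAddr);
    if (!users) return null;
    for (const [userId, seenAt] of users) {
      if (now - seenAt > this.ttlMs) users.delete(userId); // stale session
    }
    // More than one live user behind one address (proxy, NAT, terminal
    // server) is ambiguous: refuse rather than guess.
    if (users.size !== 1) return null;
    return users.keys().next().value;
  }
}

// Constructed sample data: one workstation and one shared proxy address.
function demo() {
  const reg = new PresenceRegistry(10 * 60 * 1000);
  const t0 = 0;
  reg.recordActivity('alice', '10.0.0.21', t0);
  reg.recordActivity('bob', '10.0.0.99', t0);
  reg.recordActivity('carol', '10.0.0.99', t0);
  return {
    fresh: reg.whoIsAt('10.0.0.21', t0 + 60 * 1000),        // 'alice'
    ambiguous: reg.whoIsAt('10.0.0.99', t0 + 60 * 1000),    // null
    expired: reg.whoIsAt('10.0.0.21', t0 + 11 * 60 * 1000), // null
  };
}
```

The value returned is only a user ID for the desktop app to pass along; it is not evidence that the person at the keyboard is that user, which is why stale and ambiguous entries yield `null`.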
|
Yeah, the title you gave is very apt... it is a security nightmare indeed!!!!!!!
The web app we are talking about is a huge Enterprise Management tool, which makes it hard to change the architecture of this product.
|
I teach elementary and I'm looking for a simple
tool or software to develop meaningful stories for my students.
The idea is to input data in the first page (Title) as
the student name, favorite color, food, game etc.
Then in the following pages the text in the first page will
appear in a simple sentence according to the story
events. Also pictures and graphs should be enhancing the
mini book.
Help!
Intefa