I am trying to download content of a page and convert it to a PDF using HiQPdf, however the page I am trying to access requires login permissions. When I run the code to try and download the content it displays the login page saying you do not have authentication to access this page.
Is it possible to send authentication with HiQPfd?
I was thinking of sending a parameter which lets you view the data temporally but any user could abuse this to view other users data
htmlToPdfConverter.Authentication.Username = "username";
htmlToPdfConverter.Authentication.Password = "password";
I was thinking that I could have the page accept two parameters, username and password and if they are authenticated, give access to the page.
Check out the FAQ: http://www.hiqpdf.com/FAQs.aspx
Once a user is authenticated, Forms Authentication maintains an authentication ticket in a cookie or in the URL so that an authenticated user does not need to supply credentials with each request. When you are already authenticated and you want to convert a page of the same application you can simply set the authentication cookie before converting the web page. The converter can be set to send the authentication cookie to the web server. A simple code to create a HTML to PDF converter object, set the forms authentication cookie and convert an URL to a memory buffer is given below:
HtmlToPdf htmlToPdfConverter = new HtmlToPdf();
htmlToPdfConverter.HttpCookies.AddCookie(
FormsAuthentication.FormsCookieName,
Request.Cookies[FormsAuthentication.FormsCookieName].Value
);
Related
I developed an ASP.Net website with cookie authentication.
After reading about CSRF attacks I decided to change my website to work with token authentication which will be saved in the client side.
So what I have done is:
used logins
user receives a token and saves it in the sessionStorage
user sends the token in the header of each API requests.
This works great.
Now the one thing that is missing for me is the page loads, meaning if a user tries to access a page before he is logged-in it should redirect him to the login page. This is something I want to do obviously before the page is loaded, for example before i had this code in the Site.Master:
if (!AuthCookieValidator.IsValid(HttpContext.Current))
{
s_Logger.Info("the user is not authenticated, logging out!");
Response.Redirect("/Login");
}
But now I can't implement this logic unless i keep both session based token + client side token.
What's the solution here?
So my solution is like so:
User logins
User receives a token and saves it in the sessionStorage
User sends the token in the header of each API requests.
If the user tries to reach a url directly, before the react code starts to render the page it will send an authentication check request with the token and render accordingly.
Any comments are appreciated about my approach
I currently have a sign up link on my Idsrv login page that redirects to MVC signup pages hosted on same pipeline as Idsrv. The sign-up flow is as follows:
Create acccount (email & password) and save to DB.
Select subscription and purchase it (storing purchase info in DB with userId).
Redirect back to client app
In the past the sign up link on the login page would bring the user to the account creation page and after they entered in email & password I would issue an Idsrv login cookie using this code:
var login = new AuthenticatedLogin
{
IdentityProvider = IdentityServer3.Core.Constants.BuiltInIdentityProvider,
Subject = user.Id,
Name = user.UserName
};
this.Request.GetOwinContext().Environment.IssueLoginCookie(login);
The subscription & purchase pages were decorated with [IdentityServerFullLogin] attributes to ensure only authorized users accessed them.
I have since added external login support and am using Partial Login to redirect a new external user to this signup sequence before completing their local account setup. The problem I'm running into is now I have [IdentityServerPartialLogin] and [IdentityServerFullLogin] attributes that need to be on the same controller methods which obviously doesn't work. I'm wondering how to modify my original sign up sequence (using sign up link) to use partial login instead of full login and issuing a full-login cookie. It seems like there needs to be an Environment.IssuePartialLoginCookie() method to accomplish what I need to do but am not sure how to proceed.
You'd have to change how you perform your authorization. Instead of using those attributes, you would do it explicitly/manually in the action methods themselves. There are easy OWIN extension methods to learn if the user has either of those two login types: https://identityserver.github.io/Documentation/docsv2/advanced/owin.html
I have a webpage which is windows forms authenticated ,and i want to download a copy of this page's HTML in to my server, when user request this page. I have tried something like this
using (WebClient client = new WebClient())
{
string htmlCode = client.DownloadString("http://aksphases:200/lynliste.aspx");
}
which doesn't gives me correct result because of the URL I had passes to system creates new session.And in that case i need to authenticate this web-request,which I can't do.Only way to authenticate this webpage is that user log in manually(I know ways to authenticate werequests by code,but I can't try that here for some special reasons). Is there any other way for me to download current page's HTML which is running in in browser with out authenticating the URL.
You could send the current forms authentication cookie along with the request:
using (WebClient client = new WebClient())
{
client.Headers[HttpRequestHeader.Cookie] =
System.Web.HttpContext.Current.Request.Headers["Cookie"];
string htmlCode = client.DownloadString("http://aksphases:200/lynliste.aspx");
}
This way we are basically transferring the current HTTP request cookies to the remote HTTP call.
If the web server does not allow anonymous access then there is no way around - you must authenticate yourself with the web site.
However, contrary to your belief that log on operation has to be done manually, it can be done via code also. In case of windows authentication, pass credentials via Credentials property. For Forms authentication, you need to POST log-on credentials to login page and then use the authentication cookie from the response in subsequent request (Use tool such fiddler to inspect request/responses from browser to replicate same within your code).
Is it possible to prompt a log in to authenticate based on a querystring value?
I have a site requiring authentication, except in the case when a token is passed in the querystring. A requirement is that the token users already log in to a thick client and they must only log in once. From the client they click a generated link with a token in query string to open the web page. The site must also be available to non-thick client users by opening directly in browser and authenticating via prompt.
Please don't authenticate via the query string. Force a login and let the user select a context to run under.
How about:
on page load you can check for the login=.
Do your check with the third party app to see if the token is correct. Afther that:
Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
FormsAuthentication.SetAuthCookie("username", false);
Response.Redirect("samepage.aspx");
I am creating an application in which I am using Live Id authentication. When the user tries to access an authenticated page, I am redirecting the user to Live Id sign in page. Is it possible to return the user to the previously asked page (from which he was redirected). Some thing like return URL.
Actually I want to pass some data in query string to webauth-handler.aspx page when the user successfully logs in. Can any body tell me how to pass query string to webauth-handler.aspx?
Thanks
Ashwani
When the user tries to acces a page that needs authenticated (prior to redirection) save the returnUrl to a Session Variable:
Session["MyReturnUrl"] = Request.QueryString["ReturnURL"];
You would have set up your Live Authentication Settings to always redirect to a certain page on your site if authentication is successfull, on that page you will simply do the following:
//Set Authentication cookie here then redirect to previously requested url
Response.Redirect(Session["MyReturnUrl"]);
I fixed this by saving the return url in cookie and then checking if the cookie is present to do the redirection.