|
zombie_storm wrote: So can I write a javascript function in the web-application (which is supported by the web-app)to create a cookie ont eh local m/c.
Yup.
zombie_storm wrote: But how do I read these cookies using a C#.
Well, i'd encourage you not to bother. Ideally, the web app would just remember that the user was logged in. Do you not have enough control over the web app to modify it such that it can pick up a user's session without needing them to specify their ID every time?
|
|
|
|
|
Alas !!! that is the main issue because of which I am running around for help I don't have control over the web-app to pick user session with out actually providing the userid ...
the only thing which I have thought of a while ago is, can we write a listener type of program in Javascript which will be embedded in the web-application. so tht when ever the web-app is opened this listener function is listening... and when the required external event occurs, my C# will contact the listener javascript function to get the userid...
it is pretty abstract idea... but i wanted your opinion the viability of this thought...
|
|
|
|
|
The simpler, the better. How about you just ask users to provide their user ID during a configuration step for the desktop app. Store it somewhere locally and be done with it - no dodgy scripting. If anyone complains, blame the authors of the web app.
|
|
|
|
|
Yeah that is the last resort which I have as of now. But just wanted to know if there can be any other work-arounds possible for my solution ...
|
|
|
|
|
If your code is for a LAN, can you use a file on your one of your servers instead of on the users machine? If it is a share that the machines you are running the second program from have access to, then it is almost the same as writing on the local machine.
A couple of years ago I did something similar where I updated an ini file on a share that was then read by a startup script on the users machine.
Just an idea.
(And just a bit of advice. That word "Urgent!!!" in your subject header has probably put a number of people off of answering your question. All questions are urgent to the poster. They are not really urgent to the people answering).
|
|
|
|
|
hi took your advice and modified the subject line. what u told about keeping a file on the server and adding userid to it is a good idea, but I can't do it in my prj. so is there an option of using javascript only and creating a text file on the client side.
|
|
|
|
|
As far as I am aware there is no way to write to a text file on the local computer using JavaScript. This would be a security problem.
I would try thinking along a different line to achieve your objective. I.E. use server side code to write to a ucl path on the local machine. For example (//localMachineName/c$/fileName.txt). You can use ldap to identify the user and the machine.
If you have to use JavaScript, then I can't help you (and I believe that there is no way to do it). Sorry.
|
|
|
|
|
I will state the entire proble statement again in a very detailed way...
1. There are two applications which I am tryting to Integrate, one is a web-based application and other is a C# based application.
2. Web-based application supports only Javascripting
3. C# based windows application resides on the local m/c
4. When ever there is a prticular event occurance, C# application has to open a particular page of the web-based application.
5. for this if there is a user presently logged into web-based application then the C# application needs to know the userid of tht user. (USERID in the sense, the userid he uses to log into the web-application)
6. Using this userid, C# application has to open a new web-page on the local m/c, for this there are particular API's in the web-based application.
So the main Issue is the C# application has to know the USERID of the currently logged in user for tht web-based application... I hope I made myself very clear now
|
|
|
|
|
OK, a couple of questions.
How does the website store the userID?
How does the website know when someone is logged in? (what authentication model are you using?)
How does your website know when someone is not logged in? Have they just closed their browser without logging out? Does this action automatically log them out?
I am assuming from what you have said that you are not using windows accounts to authenticate the user, but are making them use a different set of Username and Password to authenticate against the website.
My first suggestion is that you use ldap to control access and authentication for both of your applications. In the long run it makes things very simple. You can provide or deny access just by adding or removing them from an active directory group. You can even have multiple levels of access.
If you are unable or unwilling to do that, you could tie the AD account of your users to their web membership data and then query this from your c# application. It depends on how you have your authentication code set up.
From your outline, I would abandon trying to get the website to write to the client machine and concentrate on getting your C# application to interact with your web membership data.
|
|
|
|
|
Web-based application is integrated with an LDAP which is linux based.
authentication is against ... LDAP. this is taken care by the application.
and if the user has not looged out properly, this thing we don't need to consider.
my C# application doesn't need any kind of authentication which doesn't need any login credentials by itself, it needs the userid of the web-app so tht it can pop-out a new web-page of the same web-app so tht the user doesn't need to give his log-in credentials for the web-app.
|
|
|
|
|
If both applications are authenticated against ldap, then why can't you just pick up their userID from there? If they are different ldap's that should not be too much of a problem, you can script a custom field in your first ldap where you store the the userID of the other one. (or even - if you must - have a database table where you store both and just run a quick query)
Just an idea.
|
|
|
|
|
the problem here is the desktop or the user m/c s are shared by different users, so there is no standard set of users who will be using this web-app. it is very dynamic.
and C# application is just a windows based application, it doesn't have any database. So it has to pick up the current user who is loigged in to the web-app dynamically wt the point when it is invoked.
|
|
|
|
|
If I am reading you right,
The user logged onto the desktop is not necessarily the user who is logged onto the web app?
That sounds like a security nightmare to me!
As a first thought I would go back to a server based approach and when they authenticate to the web site, log their ldap user name and the computer name of their machine. Then when the C# app opens, find the computer name and get their ldap userID from there.
This is just first impressions, not sure what the loopholes in that may be.
Signing off now. - I Hope you get this sorted.
|
|
|
|
|
Yeah the title you gave is very apt... it is a security nightmare in deed !!!!!!!
the web-app we are talking about is a huge Enterprise Management tool which makes it hard to change the architecture of this product.
|
|
|
|
|
I teach elementary and I'm looking for a simple
tool or software to develop meaningful stories for my students.
The idea is to input data in the first page (Title) as
the student name, favorite color, food, game etc.
Then in the following pages the text in the first page will
appear in a simple sentence according to the story
events. Also pictures and graphs should be enhancing the
mini book.
Help!
Intefa
Intefa
|
|
|
|
|
Hello Friends,
I'm putting javascript validations in Master Page's Content Page as given below and also it is working great.
function validate1()
{
if(document.getElementById("<%=txtOldPassword.ClientID %>").value=="")
{
window.alert("Please Enter Old Password");
document.getElementById("<%=txtOldPassword.ClientID %>").focus();
return false;
}
}
But a problem raise when i use this piece of code in <b>.js</b> file
and give the path as given below......
<b>
<script language="javascript" src="../Script/Validations_Login.js">
</script>
</b>
|
|
|
|
|
But what is the problem ????
|
|
|
|
|
First of all, actually i've to ask this question in ASP.NET block
I dont know the problem but there is a Error on Page that is object required
|
|
|
|
|
Put the javascript code in the MasterPage itself and not in the content page.
Thanks
Laddie
Kindly rate if the answer was helpful
|
|
|
|
|
which code ?????????
if u r talking about my javascript validation(s) code then i've already explained it tht it's working fine if i put the code in the content page. But if i put this code in the .js(javascript file) and provide the src from the content page then it doesnt work properly......
Plz explain
Thnx
|
|
|
|
|
You're asking an ASP question in the WebDev forum. There's an ASP.NET forum. Please ask future such questions there.
And your code is breaking 'cause ASP doesn't process JS files. So the bits between <% and %> don't get turned into element IDs like you need them to be.
---- ...the wind blows over it and it is gone, and its place remembers it no more...
|
|
|
|
|
Shog9 wrote: And your code is breaking 'cause ASP doesn't process JS files.
Besides, even if the js files were processed, the server code refers to controls that are in the page, not in the js file.
Despite everything, the person most likely to be fooling you next is yourself.
|
|
|
|
|
Yeah. I got the impression he thought it operated like a server-side include where the contents of the file was inserted prior to processing or something.
But who is the king of all of these folks?
|
|
|
|
|
Hello guys.
I have an update problem that with my logoncheck.asp and when I googled the problem I found out it might be permission problems on the database.
Now I have tried to grant permission on the database folder properties to allow read/write, but I still get the same error.
Is there another way I can use to maybe grant this permission.Unless there is something else Im doing wrong.
The error is Error # -2147467259 Operation must use an updateable query.
SQL = UPDATE tbl_employees SET lastlogin = #29-Feb-2008# WHERE employeelogin = 'SIPHOSIBUYANE'
Code is :
]]>
"" and request.Cookies("shark_password") <> "" and request.form("ccokie") <> "false" then
strUserid = request.Cookies("shark_user_id")
strPassword = request.Cookies("shark_password")
boolFromCookie = True
end if
end if
'-----------------------------------------------------
'-----------------------------------------------------
'Level 1 Basic Validation Testing
'-----------------------------------------------------
'-----------------------------------------------------
'Test for Entry of Member ID prior to Running Search
'-----------------------------------------------------
if (strUserID="") then ' Member ID Entered
session("msg") = " " & dictLanguage("Error_NoUserID") & ""
Response.Redirect "default.asp?opt=1"
'Run Search
'-----------------------------------------------------
else 'Run Database Lookup
sql = sql_GetEmployeesByLogin(strUserID)
'response.write sql & " "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 3, 3
end if
'-----------------------------------------------------
'-----------------------------------------------------
'Level 2 Validation Testing
'-----------------------------------------------------
'-----------------------------------------------------
'Member ID Entered Now Run Search for Record
'-------------------------------------------
If rs.eof Then 'No Record Found, Bad ID
rs.close
session("msg") = " " & dictLanguage("Error_NoUser") & " " & strUserid & ". " & dictLanguage("Please_Try_Again") & ""
Response.Redirect "default.asp?opt=1"
'Customer Record Found Now Check Password
'-----------------------------------------
elseif not Ucase(strPassword) = Ucase(rs("password")) then
rs.close
session("msg") = " " & dictLanguage("Error_InvalidPass") & " " & dictLanguage("Please_Try_Again") & ""
Response.Redirect "default.asp?opt=1"
'Check for inactive status
'-------------------------------------------
elseif rs("active") <> 1 and not rs("active") then
rs.close
session("msg") = " " & dictLanguage("Error_InactiveAcct") & ""
Response.Redirect "default.asp?opt=1"
'-----------------------------------------------------
'-----------------------------------------------------
' Step 3. Success Logon Approved
'-----------------------------------------------------
'-----------------------------------------------------
else
'check their permissions
sql = sql_GetEmployeesPermissionsByID(rs("Employee_ID"))
Call RunSQL(sql, rsPerms)
if not rsPerms.eof then
'give them the permissions they have been assigned
if rsPerms("permAll")=1 or rsPerms("permAll") then
'let them do everything
session("permAdmin") = TRUE
session("permAdminCalendar") = TRUE
session("permAdminDatabaseSetup") = TRUE
session("permAdminEmployees") = TRUE
session("permAdminEmployeesPerms") = TRUE
session("permAdminFileRepository") = TRUE
session("permAdminForum") = TRUE
session("permAdminNews") = TRUE
session("permAdminResources") = TRUE
session("permAdminSurveys") = TRUE
session("permAdminThoughts") = TRUE
session("permClientsAdd") = TRUE
session("permClientsEdit") = TRUE
session("permClientsDelete") = TRUE
session("permProjectsAdd") = TRUE
session("permProjectsEdit") = TRUE
session("permProjectsDelete") = TRUE
session("permTasksAdd") = TRUE
session("permTasksEdit") = TRUE
session("permTasksDelete") = TRUE
session("permTimecardsAdd") = TRUE
session("permTimecardsEdit") = TRUE
session("permTimecardsDelete") = TRUE
session("permTimesheetsEdit") = TRUE
session("permForumAdd") = TRUE
session("permRepositoryAdd") = TRUE
session("permPTOAdmin") = TRUE
elseif rsPerms("permAdminAll")=1 or rsPerms("permAdminAll") then
'give them permissions to all admin tasks
session("permAdmin") = TRUE
session("permAdminCalendar") = TRUE
session("permAdminDatabaseSetup") = TRUE
session("permAdminEmployees") = TRUE
session("permAdminEmployeesPerms") = TRUE
session("permAdminFileRepository") = TRUE
session("permAdminForum") = TRUE
session("permAdminNews") = TRUE
session("permAdminResources") = TRUE
session("permAdminSurveys") = TRUE
session("permAdminThoughts") = TRUE
end if
'get individual admin permissions
session("permAdmin") = rsPerms("permAdmin")
session("permAdminCalendar") = rsPerms("permAdminCalendar")
session("permAdminDatabaseSetup") = rsPerms("permAdminDatabaseSetup")
session("permAdminEmployees") = rsPerms("permAdminEmployees")
session("permAdminEmployeesPerms") = rsPerms("permAdminEmployeesPerms")
session("permAdminFileRepository") = rsPerms("permAdminFileRepository")
session("permAdminForum") = rsPerms("permAdminForum")
session("permAdminNews") = rsPerms("permAdminNews")
session("permAdminResources") = rsPerms("permAdminResources")
session("permAdminSurveys") = rsPerms("permAdminSurveys")
session("permAdminThoughts") = rsPerms("permAdminThoughts")
session("permClientsAdd") = rsPerms("permClientsAdd")
session("permClientsEdit") = rsPerms("permClientsEdit")
session("permClientsDelete") = rsPerms("permClientsDelete")
session("permProjectsAdd") = rsPerms("permProjectsAdd")
session("permProjectsEdit") = rsPerms("permProjectsEdit")
session("permProjectsDelete") = rsPerms("permProjectsDelete")
session("permTasksAdd") = rsPerms("permTasksAdd")
session("permTasksEdit") = rsPerms("permTasksEdit")
session("permTasksDelete") = rsPerms("permTasksDelete")
session("permTimecardsAdd") = rsPerms("permTimecardsAdd")
session("permTimecardsEdit") = rsPerms("permTimecardsEdit")
session("permTimecardsDelete") = rsPerms("permTimecardsDelete")
session("permTimesheetsEdit") = rsPerms("permTimesheetsEdit")
session("permForumAdd") = rsPerms("permForumAdd")
session("permRepositoryAdd") = rsPerms("permRepositoryAdd")
session("permPTOAdmin") = rsPerms("permPTOAdmin")
for each i in session.Contents
if session(i)<>"" then
if len(session(i))>4 then
if left(session(i),4) = "perm" then
if session(i) = 1 or session(i) = -1 then
session(i) = TRUE
elseif session(i) = 0 then
session(i) = FALSE
end if
end if
end if
end if
next
'check to see if they have any admin permissions at all, if so give them access to
' the admin folder
if session("permAdminCalendar") or session("permAdminDatabaseSetup") or _
session("permAdminEmployees") or session("permAdminFileRepository") or _
session("permAdminForum") or session("permAdminNews") or session("permAdminResources") or _
session("permAdminEmployeesPerms") or session("permAdminSurveys") or session("permAdminThoughts") then
session("permAdmin") = TRUE
end if
else
session("permAdmin") = FALSE
session("permAdminCalendar") = FALSE
session("permAdminDatabaseSetup") = FALSE
session("permAdminEmployees") = FALSE
session("permAdminEmployeesPerms") = FALSE
session("permAdminFileRepository") = FALSE
session("permAdminForum") = FALSE
session("permAdminNews") = FALSE
session("permAdminResources") = FALSE
session("permAdminSurveys") = FALSE
session("permAdminThoughts") = FALSE
session("permClientsAdd") = FALSE
session("permClientsEdit") = FALSE
session("permClientsDelete") = FALSE
session("permProjectsAdd") = FALSE
session("permProjectsEdit") = FALSE
session("permProjectsDelete") = FALSE
session("permTasksAdd") = FALSE
session("permTasksEdit") = FALSE
session("permTasksDelete") = FALSE
session("permTimecardsAdd") = TRUE 'we want them to be able to add time right?
session("permTimecardsEdit") = FALSE
session("permTimecardsDelete") = FALSE
session("permTimesheetsEdit") = FALSE
session("permForumAdd") = FALSE
session("permRepositoryAdd") = FALSE
session("permPTOAdmin") = FALSE
end if
rsPerms.close
set rsPerms = nothing
session("logonstatus") = 1
session("userid") = Ucase(rs("EmployeeLogin"))
session("employee_id") = rs("Employee_ID")
if gsAutoLogin then
if not boolFromCookie then
Response.Cookies("shark_user_id") = session("userid")
Response.Cookies("shark_user_id").expires = #12/31/2010 00:00:00#
Response.Cookies("shark_employee_id") = session("userid")
Response.Cookies("shark_employee_id").expires = #12/31/2010 00:00:00#
Response.Cookies("shark_password") = request.form("password")
Response.Cookies("shark_password").expires = #12/31/2010 00:00:00#
else
session("cookieMessage") = dictLanguage("User") & " " & request.Cookies("shark_user_id") & " " & dictLanguage("logged_on") & " [" & Now() & "] " & dictLanguage("click") & " " & dictLanguage("here") & " " & dictLanguage("logon_diff_user") & "."
end if
end if
sql = sql_UpdateEmployeesLastLogin(now(), strUserID)
Call DoSQL(sql)
rs.close
response.redirect "main.asp"
end if
rs.close
%>]]>
kagiso
|
|
|
|
|
Hi I also face the same problem while uploading my first web site, see if your program or webpage executes perfectly in offline mode then there are no problem with the code.
This type of error occor mostly due to read write permission of the database, of it could the cause of cookies and caching and in this case try again after removing the cokkies and offline content from your system.
With Regards
Yogesh Agarwal
|
|
|
|