Pass login information from an external application to the DBxtra Report Web Service
When you integrate DBxtra Web Service into another Web Application you may want to avoid a double login if your own Application has a login mechanism, this is a basic example of how you can do it, which means that you can extend it further to include other things you may need.
1.- Create a new ASP.NET Empty Web Application in Visual Studio, let’s name it DBxtraAutoLogIn.
2.- On this project add a new Web Form, let’s name it LogIn2.aspx
3.- Go to the Report Web Service physical folder (Utilities->DBxtra Repository->DBxtra Repository Path) and open the LogIn.aspx file
4.- Copy all the contents of this file into the LogIn2.aspx file
5.- Change the first line of the LogIn2.aspx file from this:
<%@ Page Language="VB" AutoEventWireup="false" Inherits="LogIn" Codebehind="LogIn.aspx.vb" %>
Into this:
<%@ Page Language="VB" AutoEventWireup="false" Inherits="LogIn2" Codebehind="LogIn2.aspx.vb" Src="~/LogIn2.aspx.vb" %>
6.- Make the LogIn2 class in the LogIn2.aspx.vb file inherits from LogIn instead of System.Web.UI.Page
7.- Create some functions in the LogIn2.aspx.vb file to get both the user name and the password from the URL:
Protected Function getUserName() As String
Return HttpContext.Current.Request.Params("user")
End Function
Protected Function getPassword() As String
Return HttpContext.Current.Request.Params("pass")
End Function
8.- In the Page_Load method add the following to print the user name and password into the page:
UserEmail.Text = getUserName()
UserPass.Attributes.Add("value", getPassword())
9.- Anywhere before the closing body tag of the LogIn2.aspx file add the following auto submit javascript code:
<script type="text/javascript" >
function autosubmit()
{
var btn = document.getElementById(‘btnSubmit’);
btn.click();
}
setTimeout("autosubmit()", 0);
</script>
10.- Test the new auto log in page, copy the LogIn2.aspx and LogIn2.aspx.vb files into the Report Web Service folder, open your browser and type an address like this:
http://localhost/DBxtra.NET/LogIn2.aspx?user=admin&pass=admin
You should be sent to the Home page of the Report Web Service logged in as the Admin user.
Adding Redirection
If you want to be redirected to some specific report after logging in, you can do as follows:
1.- Create a function in the LogIn2.aspx.vb file to get the redirection address from the URL:
Public Function getReportAddress() As String
Return Server.UrlDecode(HttpContext.Current.Request.Params("report"))
End Function
2.- In the Page_Load method add the following to store the redirection address:
Session("PageRedirect") = getReportAddress()
3.- Test your changes using an address like this, the example brings the Customer Address Book example of the DBxtra Sample project:
http://localhost/DBxtra.NET/LogIn2.aspx?user=admin&pass=admin&report=ReportView.aspx%3fId%3d87
4.- Modify your system so it passes the report address encoded for the url, this is important so the address can be parsed correctly, to do this, you can use the Server.UrlEncode function of the .NET Framework like this:
Server.UrlEncode("ReportView.aspx?Id=87")
Which will give you:
ReportView.aspx%3fId%3d87
Adding Encryption
If for some reason you don’t want the password plain visible to the end users, you can add encryption as follows:
1.- Create two functions in the LogIn2.aspx.vb file to encrypt and decrypt the password from the URL:
Public Function Encrypt(ByVal PlainText As String) As String
Dim PlainBytes() As Byte = UTF8Encoding.UTF8.GetBytes(PlainText)
Dim AesProvider As AesCryptoServiceProvider = New
AesCryptoServiceProvider()
Dim CryptoTransform As ICryptoTransform =
AesProvider.CreateEncryptor(Key, IV)
Dim MemoryEncryptedStream As MemoryStream = New MemoryStream()
Dim EncryptedStream As CryptoStream = New
CryptoStream(MemoryEncryptedStream, CryptoTransform,
CryptoStreamMode.Write)
EncryptedStream.Write(PlainBytes, 0, PlainBytes.Length)
EncryptedStream.FlushFinalBlock()
MemoryEncryptedStream.Position = 0
Dim EncryptedBytes(MemoryEncryptedStream.Length – 1) As Byte
MemoryEncryptedStream.Read(EncryptedBytes, 0,
MemoryEncryptedStream.Length)
EncryptedStream.Close()
MemoryEncryptedStream.Close()
Return Convert.ToBase64String(EncryptedBytes)
End Function
Public Function Decrypt(ByVal EncryptedText As String) As String
Dim EncryptedBytes As Byte() =
Convert.FromBase64String(EncryptedText )
Dim AesProvider As AesCryptoServiceProvider = New
AesCryptoServiceProvider()
Dim CryptoTransform As ICryptoTransform =
AesProvider.CreateDecryptor(Key, IV)
Dim MemoryDecryptedStream As MemoryStream = New MemoryStream()
Dim DecryptedStream As CryptoStream = New
CryptoStream(MemoryDecryptedStream, CryptoTransform,
CryptoStreamMode.Write)
DecryptedStream.Write(EncryptedBytes, 0, EncryptedBytes.Length)
DecryptedStream.FlushFinalBlock()
MemoryDecryptedStream.Position = 0
Dim PlainBytes(MemoryDecryptedStream.Length – 1) As Byte
MemoryDecryptedStream.Read(PlainBytes, 0,
MemoryDecryptedStream.Length)
DecryptedStream.Close()
MemoryDecryptedStream.Close()
Return UTF8Encoding.UTF8.GetString(PlainBytes)
End Function
2.- Modify the getPassword method to decrypt the password:
Protected Function getPassword() As String
Dim EncryptedPassword As String =
HttpContext.Current.Request.Params("pass")
Dim PlainPassword As String = Decrypt(EncryptedPassword)
Return PlainPassword
End Function
3.- Declare the Key and IV properties in the LogIn2 class:
Dim Key() As Byte
Dim IV() As Byte
4.- In the Page_Load method add the following before getting the password:
Key = UTF8Encoding.UTF8.GetBytes("passwordpassword")
IV = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
This is the key and initialization vector of the encrypt/decrypt method, modify this data to suit your needs, AES keys are 128 bits (16 bytes) at least, AES initialization vectors are 128 bits (16 bytes) always.
5.- Test your changes using an address like this:
http://localhost/DBxtra.NET/LogIn2.aspx?user=admin&pass=BxfefLT0n5lgb6wrRKLc/Q==
Which will log in you as the Admin user, using the “admin” password.
Download the example files from here!