To additionally secure automated login, an extra redirect can be used, so the page itself does not contain the password. Or even better and without any password exposure is a page/form which calls an agent which makes login in background and then passes the session cookie back to the initial page. But that's a topic for another blog post. Here i will show the simplest solution.
<form action="/names.nsf?Login" method="POST" name="LogonForm">
<input type="hidden" name="Username" value="myname">
<input type="hidden" name="Password" value="mypassword">
<input type="hidden" name="RedirectTo" value="/anotherdb.nsf/view?OpenView">
</form>
<script>
document.forms[0].submit();
</script>
When user opens this page, the first form gets automatically submitted to "/names.nsf?Login". User gets logged in to Domino with username and password specified in the form's fields and then redirected to another database according to the value in RedirectTo field.
Tags: Lotus Domino
5 comments:
Good idea. I knew there was a reason why it always felt safer to do things over POST than by sticking it in the URL. (I use a technique like this in my ajax libraries -- works great.)
Look at http://ezscript.nl
This can also do automated authentication in the POST data.
hmm. this didn't seem to work on my 8.5 server..I'm still prompted to login.. Does it require certain server settings?
Hi Andrei, and thanks for the ideas!
We have a custom portal for the Notes client. In this portal, we have links to various resources including some secure Domino pages.
When users click on links to these secure Domino pages, I would like them to be automatically logged in and directed to the page.
Since this is in the Notes client, I want to use LotusScript to create a reusable function for this purpose. The code for this function is listed below, but I'm not sure how to proceed. After sending the POST the responseText property contains the HTML for the targetUrl, and responseHeaders contains something like this:
"Server: Lotus-Domino
Date: Mon, 21 Sep 2009 16:01:33 GMT
Last-Modified: Mon, 21 Sep 2009 16:01:31 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 812
Cache-control: private
ETag: W/"MTAtODEwNS04NTI1NzYzODAwYRETEjMwLTAtMC1DTj1XaWxsaWFtIEhhbnNvbi9PPU1haW5saW5l"
"
How can I use the information returned by the POST to open a browser window to the correct page?
Is ETag some sort of session id that I can pass on the URL to automatically authenticate the user?
Is this even possible?
Here's my code so far...
Sub UrlOpenDominoLink(Byval host As String, Byval userName As String, Byval password As String, Byval targetUrl As String)
Dim xmlhttp As Variant
Dim content As String
content = "&redirectto=" & targetUrl & "&username=" & userName & "&password=" & password
Set xmlhttp = CreateObject("Msxml2.XMLHTTP")
Call xmlhttp.open("POST", host & "/names.nsf?login", False)
Call xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")
Call xmlhttp.setRequestHeader("Content-length", Len(content))
xmlhttp.send(content)
Dim responseText As String, responseHeaders As String
responseText = xmlhttp.responseText
responseHeaders = xmlhttp.getAllResponseHeaders()
End Sub
酒店打工
酒店兼職
台北酒店
打工兼差
酒店工作
酒店經紀
禮服酒店
酒店兼差
酒店上班
酒店PT
酒店
酒店喝酒
酒店消費
喝花酒
粉味
喝酒
Post a Comment