Link that includes id and password to an asp page


daysiteteins
03-03-2009, 01:07 PM
Hi...maybe someone can help me please
At my job there is a web page developed in ASP. There is a client zone where the clients use their username and password, and there they can see a list of their documents, such as invoices or checks, that are PDF files.
My boss wants to send an email to every client telling them that they have a new document and send a link so they can click on it and go to see the document or maybe just go to the list of documents.
The link we send to them must have the username and password so they can automatically access to that part of the web...
Please help me to do this...
My job depends on it hhehee
thanks

xoxo
Dee

Kuriyama
03-03-2009, 03:00 PM
The link we send to them must have the username and password so they can automatically access to that part of the web...

It's very bad practice to send any links with account information in them. It leads to a ton of security flaws, and it's a very basic no-no of webapp security practice.

What I would recommend you do is direct them to your login page and append a QueryString value of something like www.domain.com/login.asp?target=newdoc. Then after a user has logged in and before you redirect them to your login landing page, redirect them to the new document.

Make sense?

zahidraf
03-04-2009, 01:05 AM
Kuriyama explained it fine.

Or make some sample page, or send him to some link that generates a session first for that guest user and redirects to the page.


daysiteteins
03-04-2009, 10:16 AM
Thanks for your answer. I think the same as you, but my boss found somewhere a link that includes his id and password and gets him directly to his account; that's why he asked me for that... Is there a chance that maybe you can explain to me how to do it? If not, I can tell him what you told me...
Another thing... maybe you can help me with how to send a link to a PDF document?
That could be another solution, that we send to the client a link to the new document...and they click and can see it

Thanx
xoxo
Dee

Kuriyama
03-04-2009, 11:04 AM
I do not think that attaching the PDF as an attachment is a good idea. Typically PDF documents are rather large in size, and nothing pisses off a customer more than having to download an email with a large attachment. Also, many free email services such as gmail and yahoo have restrictions on attachment file size and number of attachments.

What I would do is create a page that serves protected files to a user that has already authenticated (logged in) with your website. There would be 2 parts to this, and the first one I have already explained, but I will give a simple coding example.

Login.asp - Your file that handles logging a user into your website. This should already be built.

<%
Dim success, errorMessage
success = False
errorMessage = ""

If Request("submit") <> "" Then
    'validation of incoming data goes here.
    'Hit your datasource(SQL) to make sure username and password are good,
    'and set success = True when they are.

    If success Then
        'Woohoo user successfully authenticated
        'target is only compared against known values, it is never used as a URL itself.
        Select Case Request("target")
            Case "newpdf"
                Response.Redirect("serveProtectedFile.asp") 'This is the file in your email. I will give an example of what this file needs to do later.
            Case Else
                Response.Redirect("account.asp") 'This is where you would typically redirect a user. Your login page should already be doing this.
        End Select
    Else
        'Doh user didn't authenticate throw error message
        errorMessage = "login failed"
    End If
End If
%>
<% If errorMessage <> "" Then %><p><%=Server.HTMLEncode(errorMessage) %></p><% End If %>
<form action="login.asp" method="post">
    <input type="hidden" name="target" value="<%=Server.HTMLEncode(Request("target")) %>" />
    username: <input type="text" name="userid" /><br />
    password: <input type="password" name="pass" /><br />
    <input type="submit" name="submit" value="Submit" />
</form>

Kuriyama
03-04-2009, 11:32 AM
Step 2:

Since that PDF contains some sensitive data you will want to make sure that you move it into a protected folder on your web server. This file shouldn't be accessible unless a user is logged in, meaning you don't want someone to be able to manually type in a URL and start getting other customer data.

You want to create an ASP page that acts as a protected file serving page. This file will be able to reach into the protected directory and serve files only if the user has authenticated with your web app first.

Here is a quick and dirty example of how it will work.


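<%
Dim userLoggedin
'True once login.asp has stored the user in the session.
'Session("userid") is an assumed name, use whatever your login page sets.
userLoggedin = (Session("userid") <> "")

If userLoggedin Then
    Response.Redirect("pdffile.pdf") 'your pdf files location here.
Else
    Response.Redirect("login.asp")
End If
%>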


This is the quick and dirty way of doing this. It's more of a conceptual exercise and you will need to edit some of the code to get this to work. Apply this concept to your problem.
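
Added example, not part of the original thread or Kuriyama's code: one way to flesh out the protected file page from Step 2 so that the PDF is streamed from a folder outside the web root, only after a session check and an ownership check, rather than redirecting to a URL that could be typed in directly. `Session("UserId")`, `Application("ConnString")`, the `Documents` table, the `id` query parameter and `D:\ProtectedDocs\` are all assumptions made for illustration.

```asp
<%
Option Explicit
' serveProtectedFile.asp?id=<document id>  (added example; every name here is an assumption)
Const PROTECTED_DIR = "D:\ProtectedDocs\"   ' outside the web root, so no URL maps to it
Const adInteger = 3, adParamInput = 1, adTypeBinary = 1

' Returns the stored file name only if docId belongs to userId, otherwise "".
Function OwnedFileName(userId, docId)
    Dim cmd, rs
    OwnedFileName = ""
    Set cmd = Server.CreateObject("ADODB.Command")
    cmd.ActiveConnection = Application("ConnString")   ' assumed connection string
    cmd.CommandText = "SELECT FileName FROM Documents WHERE DocId = ? AND OwnerId = ?"
    cmd.Parameters.Append cmd.CreateParameter("DocId", adInteger, adParamInput, , docId)
    cmd.Parameters.Append cmd.CreateParameter("OwnerId", adInteger, adParamInput, , userId)
    Set rs = cmd.Execute
    If Not rs.EOF Then OwnedFileName = rs("FileName").Value
    rs.Close
End Function

Dim rawId, fileName, stream, re
' 1. Authentication: Session("UserId") is assumed to be set by login.asp on success.
If IsEmpty(Session("UserId")) Then Response.Redirect "login.asp?target=newpdf"

' 2. Input validation: the id must be a short run of digits, nothing else.
rawId = Request.QueryString("id") & ""
Set re = New RegExp : re.Pattern = "^[0-9]{1,9}$"
If Not re.Test(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' 3. Authorization: the document must belong to the logged-in user.
fileName = OwnedFileName(CLng(Session("UserId")), CLng(rawId))
If fileName = "" Or InStr(fileName, "\") > 0 Or InStr(fileName, "/") > 0 Then
    Response.Status = "404 Not Found"   ' same answer for "missing" and "not yours"
    Response.End
End If

' 4. Stream the file in chunks so large PDFs do not overflow the response buffer.
Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = adTypeBinary
stream.Open
stream.LoadFromFile PROTECTED_DIR & fileName
Response.ContentType = "application/pdf"
Response.CacheControl = "no-store"
Do While Not stream.EOS
    Response.BinaryWrite stream.Read(65536)
    Response.Flush
Loop
stream.Close
%>
```

For the first check to pass, the login page has to store the user's id in `Session("UserId")` after a successful login, which the login.asp sketch in the thread does not yet do.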

daysiteteins
03-04-2009, 02:43 PM
Hey, thanks, I will try it...
But I don't want to send a PDF, I was asking if you know how to send a link and with that link the client can access to the PDF that is on our server, but I am going to try this that you sent me thanks so so so much, if I have some question I'll post it...
THAAAAAAAAAAAAAAAAAAAAANKS
xoxo
Dee

Kuriyama
03-04-2009, 03:49 PM
But I don't want to send a PDF, I was asking if you know how to send a link and with that link the client can access to the PDF that is on our server

You aren't sending the PDF file via email. My solution to this product is to send your customer a link to your login page with a query string value at the end of it. Upon successful login they will see the PDF file.

This is the best I can do, without knowing the details about your web site..

zahidraf
03-04-2009, 11:09 PM
I think the very simple way is the first one and what your boss is saying.

Let's do it this way.

1) Send Login/Password as link in the email.

http://www.yourdoamin.com/login.asp?login&password=password

To secure the password, use MD5 or some other method to make the password encrypted.

The login page checks the username/password and redirects wherever you want.

This way he can access the account, etc.

In case of Guest send him in some ........standards files .

Hope I helped you.


daysiteteins
03-05-2009, 09:44 AM
Thanks for your help...
I was trying the URL as you told me...
but it doesn't work, it sends me to the same page to log in...
I have text boxes to put the id and password and on the code the names are UserEmail and UserPass and to validate them we put on the query "UserEmail.Text.Toupper & UserPass.Text.Toupper"
Is that maybe the problem?

zahidraf
03-05-2009, 11:04 PM
Try this code, hope it will help you.




<?php
// Parameters will be in the query string.
if (!empty($_GET["login"]) && !empty($_GET["password"]))
{
    $login = $_GET["login"];
    $password = $_GET["password"];

    // Validate here: if the login/password is right then forward to the welcome page etc., else to the login page.
}





daysiteteins
03-06-2009, 12:18 PM
Thanx guys for your help, I did it. I used that string to send the user and password as a link and made some changes to the code, and now it is working.
Thanx a lot

XOXO
DEE

zahidraf
03-09-2009, 12:16 AM
Welcome dude
