Results 1 to 13 of 13

Thread: Link that includes id and password to an asp page

  1. #1
    Join Date
    Mar 2009

    Question Link that includes id and password to an asp page

    Hi...maybe someone can help me please
    At my job there is a web page developed in ASP, there is a client zone where the clients uses their username and password and there they can see a list of their documents, such as invoices or checks that are PDF files.
    My boss what to send an email to every client telling them that they have a new document and send a link so they can click on it and go to see the document or maybe just go to the list of documents.
    The link we send to them must have the username and password so they can automatically access to that part of the web...
    Please help me to do this...
    My job depends on it hhehee


  2. #2
    Join Date
    Dec 2007
    Dayton, OH
    The link we send to them must have the username and password so they can automatically access to that part of the web...
    It's very bad practice to send any links with account information in them. It leads to a ton of security flaws, and it's a very basic no-no of webapp security practice.

    What I would recommend you do is direct them to your login page and append a QueryString value of something like www.domain.com/login.asp?target=newdoc. Then after a user has logged in and before you redirect them to your login landing page, redirect them to the new document.

    Make sense?

  3. #3
    Join Date
    Feb 2009
    Kuriyama explained fine

    or make some sample page or send him to some link where generate session first for that guest user and redirect to the page


  4. #4
    Join Date
    Mar 2009

    Question link with id

    thanks for your answer, I think the same as you, but my boss found somewhere a link that includes his id and password and get him directly to his account, that why he asked me for that...Is there a chance that maybe you can explain me how to do it, or if not I can say to him what you told me...
    Other thing...maybe can you help me how to send a link to a PDF document???
    That could be another solution, that we send to the client a link to the new document...and they click and can see it


  5. #5
    Join Date
    Dec 2007
    Dayton, OH
    I do not think that attaching the PDFas an attachment is a good idea. Typically PDF documents are rather large in size, and nothing pisses off a customer more than having to download an email with a large attachment. Also, many free email services such as gmail and yahoo have restrictions on attachment file size and number of attachments.

    What I would do is create a page that serves protected files to a user that has already authenticated(logged in) with your website. There would be 2 parts to this, and the first one I have already explained but I will give a simple coding examples.

    Login.asp - Your file that handles login a user into your website. This should already be built.
        if Request("submit") <> "" then
            'validation of incoming data goes here.
            'Hit your datasource(SQL) to make sure username and password are good.
            'Woohoo user successfully authenticated
            if success then            
                Select Case Request("target")
                    Case "newpdf"
                        Response.Redirect("serveProtectedFile.asp") 'This is the file in your email.  I will give an example of what this file needs to do later.
                    Case Else
                        Response.Redirect("account.asp") 'This is where you would typically redirect a user.  Your login page should already be doing this.
                End Select
            'Doh user didn't authenticate throw error message
                errorMessage = "login failed"
            end if        
        end if
     <form action="login.asp" method="post">
        <input type="hidden" name="target" value="<%=Server.HTMLEncode(Request("target")) %>" />
        username: <input type="text" name="userid" /><br />
        password: <input type="text" name="pass" /><br />
        <input type="submit" name="submit" value="Submit" />

  6. #6
    Join Date
    Dec 2007
    Dayton, OH
    Step 2:

    Since that PDF contains some sensitive data you will want to make sure that you move it into a protected folder on your web server. This file shouldn't be accessible unless a user is logged in, meaning you don't want someone to be able to manually type in a URL and start getting other customer data.

    You want to create an ASP page that acts as a protected file serving page. This file will be able to reach into the protected directory and serve files only if the user has authenticated with your web app first.

    Here is a quick and dirty example of how it will work.

        if userLoggedin then
            Response.redirect("pdffile.pdf") 'your pdf files location here.
        end if
    This is the quick and dirty way of doing this. It's more of a conceptual exercise and you will need to edit some of the code to get this to work. Apply this concept to your problem.

  7. #7
    Join Date
    Mar 2009

    Question link with id

    hey thaks I will try it...
    But I don't want to send a PDF, I was asking if you know how to send a link and with that link the client can access to the PDF that is on our server, but I am going to try this that you sent me thanks so so so much, if I have some question I'll post it...

  8. #8
    Join Date
    Dec 2007
    Dayton, OH
    Quote Originally Posted by daysiteteins View Post
    But I don't want to send a PDF, I was asking if you know how to send a link and with that link the client can access to the PDF that is on our server
    You aren't sending the PDF file via email. My solution to this product is to send your customer a link to your login page with a query string value at the end of it. Upon successful login they will see the PDF file.

    This is the best I can do, without knowing the details about your web site..

  9. #9
    Join Date
    Feb 2009
    I think very simple way is the first one and what your boss is saying.

    let do this way.

    1) Send Login/Password as link in the email.


    to secure password use some MD5 or some other method to make to password encrypted

    Login Page check the username/password and redirect whereever you wants .

    This way he can access the account .etc

    In case of Guest send him in some ........standards files .

    Hopes i Help you

    Technology News

  10. #10
    Join Date
    Mar 2009

    Question Link to a document

    Thanks for your help...
    I was trying the url as you told me....
    but it doesnt work, it send me to the same page to login...
    I have text boxes to put the id and password and on the code the names are UserEmail and UserPass and to validate them we put on the query "UserEmail.Text.Toupper & UserPass.Text.Toupper"
    Is that maybe the problem?

  11. #11
    Join Date
    Feb 2009
    Try code hopes it wil help you

    PHP Code:

    //parameter wil be in query string

    if($_GET["login"]!="" && $_GET["password"]!="")


    //validate code here if login/paswrod is right then forward to welcomepage etc else on login page.

    Nokia to build laptops in near future

  12. #12
    Join Date
    Mar 2009

    Smile Link to a document

    Thanx guys for your help I did it, I use that steing to send the user and password as a link and made some changes at the code and now is working
    Thanx a lot


  13. #13
    Join Date
    Feb 2009

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center



X vBulletin 4.2.2 Debug Information

  • Page Generation 0.16745 seconds
  • Memory Usage 2,978KB
  • Queries Executed 13 (?)
More Information
Template Usage (35):
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_global_above_footer
  • (1)ad_global_below_navbar
  • (1)ad_global_header1
  • (1)ad_global_header2
  • (1)ad_navbar_below
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)ad_thread_first_post_content
  • (1)ad_thread_last_post_content
  • (2)bbcode_code
  • (1)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)headinclude_bottom
  • (13)memberaction_dropdown
  • (1)navbar
  • (4)navbar_link
  • (1)navbar_moderation
  • (1)navbar_noticebit
  • (1)navbar_tabs
  • (2)option
  • (13)postbit
  • (13)postbit_onlinestatus
  • (13)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available (6):
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files (26):
  • ./showthread.php
  • ./global.php
  • ./includes/class_bootstrap.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/functions_navigation.php
  • ./includes/class_friendly_url.php
  • ./includes/class_hook.php
  • ./includes/class_bootstrap_framework.php
  • ./vb/vb.php
  • ./vb/phrase.php
  • ./includes/functions_facebook.php
  • ./includes/functions_calendar.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_notice.php
  • ./packages/vbattach/attach.php
  • ./vb/types.php
  • ./vb/cache.php
  • ./vb/cache/db.php
  • ./vb/cache/observer/db.php
  • ./vb/cache/observer.php 

Hooks Called (71):
  • init_startup
  • friendlyurl_resolve_class
  • init_startup_session_setup_start
  • database_pre_fetch_array
  • database_post_fetch_array
  • init_startup_session_setup_complete
  • global_bootstrap_init_start
  • global_bootstrap_init_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • load_show_variables
  • load_forum_show_variables
  • global_state_check
  • global_bootstrap_complete
  • global_start
  • style_fetch
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • strip_bbcode
  • friendlyurl_clean_fragment
  • friendlyurl_geturl
  • forumjump
  • cache_templates
  • cache_templates_process
  • template_register_var
  • template_render_output
  • fetch_template_start
  • fetch_template_complete
  • parse_templates
  • fetch_musername
  • notices_check_start
  • notices_noticebit
  • process_templates_complete
  • friendlyurl_redirect_canonical
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • memberaction_dropdown
  • tag_fetchbit
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • build_navigation_data
  • build_navigation_array
  • check_navigation_permission
  • process_navigation_links_start
  • process_navigation_links_complete
  • set_navigation_menu_element
  • build_navigation_menudata
  • build_navigation_listdata
  • build_navigation_list
  • set_navigation_tab_main
  • set_navigation_tab_fallback
  • navigation_tab_complete
  • fb_like_button
  • showthread_complete
  • page_templates