locked
How to override security (or enable autologon)? RRS feed

  • Question

  • Hello!

    I was looking a way to auto-login user to HTML app, similar like Dale have done for his Lightswitch.codewriting.tips site, but I'm unable to find more info about the whole process.. 

    When you start his page you are logged as "some user" and you can additionally log in as another user over the "log in" link..

    Since my app is designed as back end, I would like to feed external asp.net site with data, but without necessity for login, only if user needs to change some stuff then he clicks to provided link which leads him to standard LS login screen.. I would appreciate some advice.. Tnx in advance!

    Kivito


    Nobody expects the Spanish Inquisition! (M.P.F.C.)

    Monday, December 28, 2015 7:52 AM

Answers

  • Hi Kivito!

    I did a personal app (not really in production anymore) for bridge students/teachers/players that I think had the behaviour you describe - azorbridge.com (any players in the forum btw? :p)

    I started here, with something from Huy Nguyen: https://social.msdn.microsoft.com/Forums/en-US/7a705451-ea95-463b-a5c9-233e705b9f8a/how-to-bypass-forms-authentication-in-light-switch-html-client?forum=lightswitchhtml

    It's a bit messy and I'm sure it can be improved, but what I did was:

     - Created a Guest user with the appropriate permissions.

     - Created a copy of LogIn.aspx named LogInUser.aspx

     - Deleted all the content from LogIn.aspx and replaced it with the following: (forcing the login to be the Guest on entering the page):

    <%@ Page Inherits="Microsoft.LightSwitch.Security.ServerGenerated.Implementation.LogInPageBase" Language="VB" %>
    <script runat="server">
        Protected Overrides Sub OnLoad(e As EventArgs)
          If Membership.ValidateUser("GUEST", "GUEST_PASSWORD") Then
                FormsAuthentication.RedirectFromLoginPage("GUEST", True)
            End If
        End Sub
    </script>
    <!DOCTYPE HTML>
    <html>
    <head>
        <meta name="HandheldFriendly" content="true" />
        <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=no" />
        <title>Log In</title>
    </head>
    <body>
    </body>
    </html>

     - On the LogInUser.aspx, redirect to the app when the LogIn succeeded:

    <%@ Page Inherits="Microsoft.LightSwitch.Security.ServerGenerated.Implementation.LogInPageBase" Language="VB" %>
    
    <!DOCTYPE HTML>
    <script runat="server">
        Protected Sub LoginUser_LoggedIn(sender As Object, e As EventArgs)
            Response.Clear()
            Response.Redirect("htmlclient/")
        End Sub
    </script>
    
    <html>
    <head>(...)</head>
    <body>
        <form id="LogInForm" runat="server" >
            <asp:Login ID="LoginUser" runat="server" EnableViewState="false" RenderOuterTable="false" OnLoggedIn=LoginUser_LoggedIn>
    (...)
    </body>
    </html>

    Finally i'm redirecting to the LogInUser.aspx when the user Logs Out (LogOut.aspx):

    <%@ Page Language="VB" %>
    
    <script runat="server">
        Protected Overrides Sub OnLoad(e As EventArgs)
            System.Web.Security.FormsAuthentication.SignOut()
            Response.Clear()
            Response.Redirect("LogInUser.aspx")
        End Sub
    </script>
    
    <!DOCTYPE HTML>
    <html>
    <head>
        <title>Log out</title>
    </head>
    <body>
    </body>
    </html>

    Hope you can use something!

    • Marked as answer by Kivito Monday, December 28, 2015 9:54 PM
    Monday, December 28, 2015 1:16 PM

All replies

  • Hi Kivito!

    I did a personal app (not really in production anymore) for bridge students/teachers/players that I think had the behaviour you describe - azorbridge.com (any players in the forum btw? :p)

    I started here, with something from Huy Nguyen: https://social.msdn.microsoft.com/Forums/en-US/7a705451-ea95-463b-a5c9-233e705b9f8a/how-to-bypass-forms-authentication-in-light-switch-html-client?forum=lightswitchhtml

    It's a bit messy and I'm sure it can be improved, but what I did was:

     - Created a Guest user with the appropriate permissions.

     - Created a copy of LogIn.aspx named LogInUser.aspx

     - Deleted all the content from LogIn.aspx and replaced it with the following: (forcing the login to be the Guest on entering the page):

    <%@ Page Inherits="Microsoft.LightSwitch.Security.ServerGenerated.Implementation.LogInPageBase" Language="VB" %>
    <script runat="server">
        Protected Overrides Sub OnLoad(e As EventArgs)
          If Membership.ValidateUser("GUEST", "GUEST_PASSWORD") Then
                FormsAuthentication.RedirectFromLoginPage("GUEST", True)
            End If
        End Sub
    </script>
    <!DOCTYPE HTML>
    <html>
    <head>
        <meta name="HandheldFriendly" content="true" />
        <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=no" />
        <title>Log In</title>
    </head>
    <body>
    </body>
    </html>

     - On the LogInUser.aspx, redirect to the app when the LogIn succeeded:

    <%@ Page Inherits="Microsoft.LightSwitch.Security.ServerGenerated.Implementation.LogInPageBase" Language="VB" %>
    
    <!DOCTYPE HTML>
    <script runat="server">
        Protected Sub LoginUser_LoggedIn(sender As Object, e As EventArgs)
            Response.Clear()
            Response.Redirect("htmlclient/")
        End Sub
    </script>
    
    <html>
    <head>(...)</head>
    <body>
        <form id="LogInForm" runat="server" >
            <asp:Login ID="LoginUser" runat="server" EnableViewState="false" RenderOuterTable="false" OnLoggedIn=LoginUser_LoggedIn>
    (...)
    </body>
    </html>

    Finally i'm redirecting to the LogInUser.aspx when the user Logs Out (LogOut.aspx):

    <%@ Page Language="VB" %>
    
    <script runat="server">
        Protected Overrides Sub OnLoad(e As EventArgs)
            System.Web.Security.FormsAuthentication.SignOut()
            Response.Clear()
            Response.Redirect("LogInUser.aspx")
        End Sub
    </script>
    
    <!DOCTYPE HTML>
    <html>
    <head>
        <title>Log out</title>
    </head>
    <body>
    </body>
    </html>

    Hope you can use something!

    • Marked as answer by Kivito Monday, December 28, 2015 9:54 PM
    Monday, December 28, 2015 1:16 PM
  • Hi Nuno!

    Thanks for the reply, it works great! It will be fine for my needs for now. 

    Cheers & happy holidays!

    Kivito


    Nobody expects the Spanish Inquisition! (M.P.F.C.)


    • Edited by Kivito Monday, December 28, 2015 9:55 PM
    Monday, December 28, 2015 9:54 PM