views:

150

answers:

4

Hi, I want to upload a file to a website via a desktop app and then take the user to the website. The website has a web service, but requires authentication as does the web site. Is there a way to do this without forcing the user to authenticate twice (once in the desktop app and once in the web browser)? Unfortunately, you can't prefill an input of type file for security reasons, which makes sense since the user won't want you uploading arbitrary files from his/her computer. But if they have a desktop app, is there some way around this? Or maybe make the user log into the web app first and then the authentication cookie can be reused? Any other ideas?

Thanks, Ben

+1  A: 

You could generate an authentication token that could later be used on the website.

Carlos Lima
A: 

It all depends on the type of authentication of the service and the site. Is it integrated Kerberos, WS-Auth, is it Basic/Digest HTTP, is it forms/cookie ?

Remus Rusanu
+2  A: 

I would use the dekstop app as a client to the website app via an api.

So, login via the desktop app. The api returns a authentication token (as Carlos suggested) which might be a md5 hash stored in your database for a certain period of time, possibly matched to the clients ip address.

The desktop app can then make calls on the api (like uploading a file) as a authenticated user (by using the auth token).

When loading the website, perhaps the url is http://website/login/{auth_token} where the auth token is added to the url. The api can check to see if its a valid auth token and consider the user logged in.

ae
A: 

This answer will most likely not work in the very general users-on-the-wide-open-web scenario, but in intranet contexts, using Windows Authentication (on an ASP .Net solution), would provide this.

Irwin