views:

86

answers:

3

Is this possible?

I want to have a PHP login form on my website. When the user enters a username and password and clicks submit, they should be directed to a remote website logged in (therefore skipping the login form on the remote site).

As mentioned in the title, the remote site is built using ASP.NET.

I've tried to search for a solution this but really not finding anything so some help and advice would be welcome.

Thanks, Mark.

A: 

Do you own the remote site ?

If no, the only solution is to submit the remote form with curl, by posting via POST/GET the right parameters. You have to check the html source of the remote form to know what parameters you have to pass. Nethertheless, this solution will be broken as soon as the remote website will implement some CRSF protection on their forms.

bPizzi
No I don't own the remote site. I've tried using curl but had no luck in getting that to work. Does curl retrieve the remote site login page and load it into my local page? This won't work for me because I don't have support for asp.net .... Thanks.
Mark Jones
Absolutely not. Curl is passing data threw http to a remote ressource.Maybe you should try to dig this one : http://fr2.php.net/manual/en/book.curl.php first.Btw, what you're trying to achieve isn't clear, why do you want to submit to a form that you don't own ?
bPizzi
Thanks for the link.Basically, the asp.net site is a project management application that users who use our product have access to. We want to be able to allow a user to login through our site so that we can maintain the branding. The user would then be directed straight to the project management app already logged in.
Mark Jones
A: 

Have you tried to post directly to the ASP.NET form from your php script?

iWantSimpleLife
Yeah, it just re-directs to their login form
Mark Jones
It could be that their scripts are checking for where the post data is coming from. I guess there is no way to post directly to them then.If this is the case,then CURL will also not work.Any chance that you can talk to the admin on the other side and get them to allow your code to post over?
iWantSimpleLife
Are they checking the html referrer that is posting the form? If they are, you can try spoofing the referrer.
iWantSimpleLife
A: 

I've had the same situation where I needed to post a remote form. If I remember correctly,I did the following:

  • create http handler (I used Zend_Http for this).
  • first fetch the page via GET.
  • search response for all form elements and their values.
  • set those values in the http handler.
  • set your own values (such as username/password).
  • execute POST

asp.net apps create forms that are a bit ugly. They use a lot of hidden values in their forms (at least in my situation). There is a change you need to enable cookies.

Hope this helps.

Edwin