Hi

I have to make changes to a classic ASP website where, once a button is clicked, it auto-logs in to a third-party website, with an intermediate page that warns that you are logging in to a third-party website.

The third party is providing us with a username and password and gave us an example JavaScript to encode the password to send to them. Now where do I store the user ID and password? I cannot execute the JavaScript on the server side. It has to go to the client. If the ASP page which has the encryption JavaScript goes to the client side, then the source can be viewed and the username and password are given out.

Is there a way that I can have a hidden ASP page whose only job is to encrypt the password, create a new URL and auto-redirect to that new URL?

So when the user clicks OK on the intermediate warning page, I redirect to this hidden ASP page, which does the encryption, creates a URL for the GET method and redirects to that page.

I am a novice as far as JavaScript and classic ASP are concerned. Any ideas/advice will be appreciated.

Thanks,

--Abbi

A: 

As SLaks said, it really doesn't matter what you do, if the client browser MUST send the user/pass to the final website, then you cannot prevent that client browser from being able to see that user/pass. It MUST see it, in order to provide it to the other website.

What you might want to consider is creating a page that is loaded server side and presented to the client browser from your website. Think iframe (but not an iframe, that's still client side), where your server requests the page from the destination server and then presents that page back to the browser. This could get very complex depending on the kinds of interactions that happen on that page; you would basically need to proxy all GETs and POSTs between your server and the destination site. But this would eliminate the need for giving the browser the username and password.

Coding Gorilla
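
A sketch of the server-side relay the answer describes, in classic ASP; this is an added example, not code from the question or the answer. The login URL, form field names, `Application` keys and the `EncodePassword` function are assumptions standing in for whatever the third party actually specifies.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Server-side relay: the third-party credentials stay on the web server
' and are never written into markup or script sent to the browser.

Const LOGIN_URL = "https://thirdparty.example/login"   ' placeholder URL

Function EncodePassword(plain)
    ' Hypothetical stand-in: port the vendor-supplied encoding routine
    ' here so that it runs on the server instead of in the browser.
    EncodePassword = plain
End Function

Dim http, body, contentType

' Credentials come from server-side state (for example, loaded in
' global.asa from protected configuration), not from the request.
body = "username=" & Server.URLEncode(Application("ThirdPartyUser")) & _
       "&password=" & _
       Server.URLEncode(EncodePassword(Application("ThirdPartyPassword")))

Set http = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
http.setTimeouts 5000, 5000, 10000, 30000   ' resolve, connect, send, receive (ms)
http.open "POST", LOGIN_URL, False          ' synchronous server-to-server call
http.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
http.send body

If http.status = 200 Then
    ' Keep the upstream session cookie on the server, tied to this user's
    ' ASP session; later relayed requests send it back in a Cookie header.
    Session("UpstreamCookie") = http.getResponseHeader("Set-Cookie")

    contentType = http.getResponseHeader("Content-Type")
    If Len(contentType) > 0 Then Response.ContentType = contentType
    Response.Write http.responseText        ' browser sees only the relayed page
Else
    Response.Status = "502 Bad Gateway"
    Response.Write "Upstream login failed."
End If

Set http = Nothing
%>
```

Links and forms in the relayed page still point at the third-party site, so every subsequent GET and POST has to be routed through a relay page like this one, which is the complexity the answer warns about.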