tags:

views:

50

answers:

1
Q: 

How to connect to a third party website in classic asp using javascript for password encryption and yet not giving in the password.

Hi

I have to make changes to classic asp website where once a button is clicked it autologins to a third party website with a intermediate page that warns that you are logging in to a third party website.

The thirdparty is providing us with a username and password and gave us an examle javascript to encode the password to send to them. Now where do I store the userid and password. I cannot execute the javascript on the serverside. It has to go to the client. If the asp page which has the encryption javascript goes to the client side then the source can be viewed and the username and password is given out.

Is there a way that I can have hidden asp page whose only job is to encrypt the password and create a new url and auto redirect it to that new url.

So when the user clicks ok on the intermediate warning page I redirect it to this hidden asp page which does the encryption and a creates a url for get method and redirects to that page.

I am a novice as far as java script and classic asp is concerned. Any ideas/ advice will be appreciated.

Thanks,

--Abbi

A: 

As SLaks said, it really doesn't matter what you do, if the client browser MUST send the user/pass to the final website, then you cannot prevent that client browser from being able to see that user/pass. It MUST see it, in order to provide it to the other website.

What you might want to consider is creating a page that is loaded server side and presented to the client browser from your website. Think iframe (but not an iframe, that's still client side); where your server requests the page from the destination server, and then presents that page back to the browser. This could get very complex depending on the kinds of interactions that happen on that page; you would basically need to proxy all GET's and POST's between your server and the destination site. But this would eliminate the need for giving the browser the username and password.

Coding Gorilla  2010-10-13 18:58:07

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps