Developer forum

Forum » Development » Autologin on specific IP or similar

Autologin on specific IP or similar

E-mail notifications
Steen Nørgaard Perdersen
Steen Nørgaard Perdersen
Reply
Posted on 11/06/2019 14:54:49

Hey,

A client is having their intranet scanned by a some service they bought, and want that service to scan pages with extranet login aswell.. The company asked me to "whitelist" their IP. I responded with creating them a user and giving them the url-postfix "?user=scanningservice&password=secretPass123", with the option to keep the session - or resend the logininfo on each page view of their crawler. But they cannot.

They are then asking if i could provide an outh cookie for them on first login they can reuse to keep being logged in. But.... idk.

So question is.... is there in dw 9.5.x (or about) something that would be useable for this scenario?

I was looking into creating a PageloadObserver, and checking on IP on e.g.  Standard.Page.PageTitle and then logging the user in...... But it seams this "old" way is not longer viable:

 var sec = new Dynamicweb.Security();
 sec.ExtranetLogin(username, password);

Suggestions?

 

Regards,

Steen


Replies

 
Anders Ebdrup
Anders Ebdrup
Posted on 11/06/2019 15:21:51
Reply

Hi Steen,

 

We have earlier made the implementation suggested here: http://doc.dynamicweb.com/forum/development/intranet-ip

 

Best regards, Anders

 
Nicolai Pedersen
Posted on 11/06/2019 15:35:39
Reply

Whitlisting based on an IP header is a security hole from hell :-).

Take a look at the DW_ExtranetSessionCookie and DW_Extranet cookies. The first is a http only login cookie and the latter is a cookie that uses the stored username and password together with autologin feature...

BR Nicolai

 
Steen Nørgaard Perdersen
Steen Nørgaard Perdersen
Posted on 12/06/2019 09:47:26
Reply

Contents is not secret as such BUT Yeah - was also thinking in the lines of a first time visit with username/pass and then time limited IP access or ....cookie they can send along. 

Do you by any chance have an example how to implement the autologin feature? Before I go create something from scratch :-)

 
Nicolai Pedersen
Posted on 12/06/2019 12:29:52
Reply

Sure thing, take a look here: https://doc.dynamicweb.com/forum/templates/templates/autologin

 

You must be logged in to post in the forum