0

Is it possible to prompt a log in to authenticate based on a querystring value?

I have a site requiring authentication, except in the case when a token is passed in the querystring. A requirement is that the token users already log in to a thick client and they must only log in once. From the client they click a generated link with a token in query string to open the web page. The site must also be available to non-thick client users by opening directly in browser and authenticating via prompt.

Improve this question

2 Answers 2

Reset to default
1

Please don't authenticate via the query string. Force a login and let the user select a context to run under.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Alas, my hand is forced by the customer. We would be getting an encrypted key in the query string generated from a third party app which we would use to validate against their system so they aren't prompted for log in.
That's not logging in or impersonating, that is passing a token to a SSO process.
And if the key is not in the querystring, we must prompt a log in. So my question remains.
You should elaborate what you are trying to do in the question. It will probably get closed being so vague.
+1: Don't know why this was downvoted, so I've taken corrective measures.
|
1

How about:

on page load you can check for the login=.

Do your check with the third party app to see if the token is correct. Afther that:

    Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
    FormsAuthentication.SetAuthCookie("username", false);
    Response.Redirect("samepage.aspx");
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.