Go  

Pass-through login

Hello

Just trying this software out which is very nice. I would like to use this within an area which the user has already been authenticated - is it possible to:

a. Create a user entry in the FileVista database from a seperate application (optional)

b. Assuming that the suer has been created in the FileVista database and matches the information which we authenticated the user, can we parse this information to the FileVista application so it automatically logs them in?

Cheers.
Matt
Matt 5/28/2008 8:08 AM
Looking forward to the reply to your thread.

I have a similar question in the File Control section.

Perhaps a custom script can do manual 'post' to the FileVista login page?
Roger 5/28/2008 10:09 PM
Is this product support alive?!
Matt 6/2/2008 5:31 AM
We will add pass-through login feature in few days.
For example, you will be able to call a url like "FileVista\login.aspx?user=SomeUser&hash=e3kdl25owm"

This way FileVista will let the authenticated user login automatically without prompting for user name and login.
The Hash parameter makes sure that the login request is coming from a trusted source (a web page from your site) and is not altered.

So when this feature is ready, you can dynamically generate a link to "FileVista\login.aspx?user=CurrentUser&hash=e3kdl25owm"or create an aspx page (eg. EnterFileVista.aspx) which will redirect to “FileVista\login.aspx?user=CurrentUser&hash=e3kdl25owm"with current authenticated user name () and calculated hash as parameters in Page_Load. 

Let me know what you think about this solution.
Cem Alacayir 6/2/2008 11:00 AM
Thanks would be a great feature, cheers.

Is there the opportunity for us to create users in the database directly and not through your interface?

Ta.
Matt 6/3/2008 12:25 AM
No, currently the API is not available for external calls but you can connect to the FileVista database and insert new users to the User table.
Cem Alacayir 6/9/2008 3:37 PM
Cem

Any news or eta on the update to allow login via pass-through?

I looked at the database and i would assume that the password has been encrypted? Could you let me know the encryption type please...
Matt 6/10/2008 12:31 AM
Hi Matt,
Yes, we have implemented the pass-through feature but we have decided that using a cookie instead of a querystring will be better as this way FileVista can detect when the user logs out from the external application. I have sent you the updated files and I am waiting for your feedback on this new feature. 

For making use of this feature, first you need to edit App_Data\FileVista.config and add this line:

<add key="ApplicationKey" value="dsfd4ee3ytg3" />

This is the secret key used for hashing the information that is passed to FileVista. This way FileVista will verify that the automatic login request is coming from a trusted source and is not altered by 3rd parties. You should better set the value to a complex string.

Secondly, you will set a special cookie within the external application which can be ASP.NET, ASP or any other kind of script as long as it's on the same domain.

ASP.NET C# code:

Response.Cookies["FileVistaLoginCookie"]["user"] = userName;
Response.Cookies["FileVistaLoginCookie"]["hash"] = MD5Hash(userName + applicationKey);
Response.Cookies["FileVistaLoginCookie"].Path = "/";


ASP Code:

Response.Cookies("FileVistaLoginCookie")("user") = userName            
Response.Cookies("FileVistaLoginCookie")("hash") = MD5Hash(userName + applicationKey)
Response.Cookies("FileVistaLoginCookie").Path = "/"


Note that userName is the name of the user that the external application authenticated. MD5Hash is your function that returns MD5 hash of userName string plus applicationKey string which should be the same key as set in FileVista.config. If using ASP.NET, you can reference GleamTech.Utility.dll in your application and use our CryptoManager.Hash() function for this purpose, there are also ASP versions for MD5 hash on the net.
Be careful about setting the Path property of the cookie as it effects the accessibility. For instance, if your domain is www.mydomain.com, the value of "/" (root) will make the cookie available to all sub-urls like www.mydomain.com/Filevista/ or www.mydomain.com/SomeFolder/FileVista. Or you can limit the cookie just to the folder of FileVista like "/Filevista" or "SomeFolder/FileVista".

It's recommended that you include the above code for adding the cookie in your external application's login/authenticate module where you just authenticate the user and start his session. In the same way, you should include the below code for removing the cookie in your application's logout function:

ASP.NET C# code:
Response.Cookies["FileVistaLoginCookie"].Expires = DateTime.Now.AddDays(-1);

ASP Code:

Response.Cookies("FileVistaLoginCookie").Expires = Date() - 1


After you complete the above integration, you can include a link in your external application which simply targets to "FileVista/" or "FileVista/default.aspx". FileVista will detect the cookie set by your application and automatically log the user in without displaying the login page.


Regarding your other question, you can encrypt the passwords by referencing GleamTech.FileVista.dll and using FileVistaUser.CreateSalt() and FileVistaUser.CreateHash() functions:

            byte[] passwordSalt = FileVistaUser.CreateSalt();
            parameter = command.Parameters.Add("@Password", OleDbType.Binary, 16);
            parameter.Value = FileVistaUser.CreateHash(password + Convert.ToBase64String(passwordSalt));

            parameter = command.Parameters.Add("@PasswordSalt", OleDbType.Binary, 16);
            parameter.Value = passwordSalt;

Cem Alacayir 6/10/2008 8:06 PM
FYI, in v3.2 which we have just released, we included the cookie-login feature. Note that there are some changes to my post above.

- The cookie name is changed from "FileVistaLoginCookie" to "FileVista.ExternalUser".
- ApplicationKey is automatically generated and added to FileVista.config by the configuration wizard.
Cem Alacayir 6/19/2008 5:44 PM
Here is a correct sample code (ASP.NET C#) for v3.2:

//taken from App_Data/FileVista.config
string applicationKey = "48A5B4EF36615265C7997BA99F1743A17E1196713E613E14457B7658791FBE8C";
//FileVista user
string userName = "SomeUser";

//add the cookie
Response.Cookies["FileVista.ExternalUser"]["name"] = userName;
Response.Cookies["FileVista.ExternalUser"]["hash"] = CryptoManager.Hash(userName + applicationKey);
Response.Cookies["FileVista.ExternalUser"].Path = "/"; 

Cem Alacayir 7/2/2008 5:40 PM
I've browsed around the forum, and I haven't found a solution to this problem.

I want to login to FileVista from a html form that is located on another server.  I can't use the AJAX method of logging into the server (posting to administration.asmx/LoginUser and then an XML response back) because of AJAX security restraints. I assuming AJAX is the default method to login, is there an alternative method (like a standard form login method). 

I do not want a complex solution like the pass-through solution you have implemented. I just want a non-ajax login form. Does such a thing already exist in the product? If so, which page, and what variables do I pass to it?
Thomas 10/29/2008 10:24 AM
Ok, I have noted this and we will look into it.
Cem Alacayir 11/18/2008 1:45 PM
I am having trouble uploading files when I do pass through login.  Non-passed logins are able to upload fine.
When I use the FileVista.ExternalUser cookie, I can see the correct folders and my permissions are working fine.  But, when I upload a file, it says:

The Progress bar Simulates a transfer of the file
"Upload Complete"
Esimated time left is 00:00
And there is a button that says "New Upload"

But, the file never actually uploads.

Please help!!
Daniel 7/9/2010 12:22 PM