[Web4lib] creating a link that bypasses username and password page
Chris Murphy
chrism at thecommunitylibrary.org
Mon Jul 10 11:59:53 EDT 2006
John Fitzgibbon wrote:
> ...
> We wish to add a button, in WinU, that launches Internet Explorer but
> opens a page that is password protected. We are legally entitled to use
> this page from within our library.
>
> We know the web page that 'acts' on the form. It uses the http protocol,
> not SSL. The form uses the post method. We know the field names for user
> name and password and what the values for those fields should be.
>
> Can this information be included in the parameter line or alternatively
> can it be embedded in the URL?
You may be able to create a dummy page with the relevant login info
hidden from the user but contained in the HTML. I've used this tactic in
the past to speed patron logins to sites using the authentication method
you describe.
Instead of linking to the vendor's login page, you link to your own
modified version of it which, in turn, passes along the POST data. E.g.,
<FORM METHOD="POST" ACTION="http://www.vendor.com/verify.asp" NAME="xyz">
<INPUT TYPE=hidden NAME=Username SIZE=30 VALUE=usernameHere>
<INPUT TYPE="hidden" NAME=Password SIZE=30 VALUE=passwordHere>
<INPUT TYPE=hidden NAME=URL VALUE="/somelink.asp">
<INPUT TYPE="submit" VALUE="Login">
</FORM>
This may or may not work depending on exactly how the vendor
authenticates, but it's easy to try.
Regards,
Chris Murphy
--
Christopher Murphy
Information Systems Manager
The Community Library, Ketchum, Idaho
chrism at thecommunitylibrary.org
http://www.thecommunitylibrary.org
208.726.3493 x111
More information about the Web4lib
mailing list