using a domain for specific account of another domain - javascript

Assume that there is a site (e.g. weblog.com) that users can register on. After login, user1 would enter the "weblog.com/user1/" entrance page and then browse his own areas of the site. How can I allow him access to his area of my site through his domain (e.g. user1.com)?
In other words, when other users enter user1.com, we would authorize user1 in weblog.com in the background, and users would access all of user1's allowed pages through the user1.com domain transparently.
Note that if I use an iframe to load weblog.com/user1/ into the entrance page of user1.com, all links and also URLs used within JavaScript redirect him to weblog.com/user1/, while I want these actions to be transparent to users of user1.com while they work.
I am using Ext JS, and .htaccess and CORS have not produced any result for me so far.
Any solutions, tricks, or even subjects to study and keywords to search for are welcome.

Sure. What you basically want to do is to redirect your user to their web in your subdomain.
Now, firstly you need to create a JavaScript that generates the weblog.com/user1 and so on pages on user registration.
Next you have to tell your users to set DNS, or you have to set it for them, which will probably work through your DNS panel (A records, CNAME, or MX records).
After the user has been authenticated to their site or your subdomain, they can access the page in the same manner, but you also need to specify a login script at the same time.

Related

Share user data across 2 domains

I have 2 domains, (NOT SUBDOMAINS)
Domain A
Domain B
My users create an account on Domain A and create / log in to a new account on Domain B with the same info by just clicking a button with "login with Domain A". A better way to explain is: I would like a "login with Google" on domain B, and domain A would be Google in this question.
My question is: what would be the best way to approach this, I don't want to share a database across the 2 domains so I thought maybe this could be done with cookies like in this post https://stackoverflow.com/a/6816659/19055225, would this be a good idea if I encrypt the cookies or are there better ways?
The timeline of a user wanting to login on domain B with domain A's login:
Creating an account on domain A.
Going to domain B to create an account with the account created on domain A, the user will be redirected to domain A with an allow form.
When users allow the creation of an account with the known data on domain A, they will be redirected to domain B, where they get a success message (the data is shared with domain B).
Users can now log in on domain B with the account from domain A (on each login click they will be redirected to domain A for a "login" button to log in on domain B).
What would be the best approach for this project?
I already made the HTML, CSS and PHP/JS ready forms for every screen.
In essence, what you're asking for has nothing to do with the browser, nor should it; you would never want to share information like that cross-domain, as anything (the user's data) could be stored/taken from one website to another (i.e., a company that uses your data for whatever they want).
In my opinion, the question should be directed more toward the backend/database. You have a few solid options:
Share the same database (you said you didn't want to, but feels like it should still be said)
Create a "conversation" between servers (http requests, web sockets)
Database replication (though this isn't easy to make work well in real time, not to mention scale, without tools like rabbitmq)
Share information via encrypted data in the url with a key both servers have in their env to decrypt (less ideal option imo)
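The last option in the answer above (encrypted data in the URL, key shared through each server's environment), sketched for Node.js as an added example that is not the answerer's code. The key, the field names `aud` and `exp`, and the 60-second lifetime are assumptions chosen for illustration.

```javascript
// Added example; key handling, field names and lifetime are assumptions.
const crypto = require("crypto");

// Both servers load the same 32-byte key from their environment.
// Constructed demo key: a real deployment reads it from a secret store.
const SHARED_KEY = crypto.createHash("sha256").update("demo-only-key").digest();

// Domain A: seal the user's data into a URL-safe token (AES-256-GCM).
function sealForDomainB(user, now = Date.now(), key = SHARED_KEY) {
  const iv = crypto.randomBytes(12); // must be unique per token
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const payload = JSON.stringify({ ...user, aud: "domain-b", exp: now + 60_000 });
  const body = Buffer.concat([cipher.update(payload, "utf8"), cipher.final()]);
  // Layout: 12-byte IV | 16-byte auth tag | ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64url");
}

// Domain B: decrypt, which also verifies integrity, then check audience
// and expiry. Returns the user object, or null if anything fails.
function openFromDomainA(token, now = Date.now(), key = SHARED_KEY) {
  try {
    const raw = Buffer.from(String(token), "base64url");
    if (raw.length < 12 + 16 + 2) return null;
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const text = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { aud, exp, ...user } = JSON.parse(text.toString("utf8"));
    if (aud !== "domain-b" || typeof exp !== "number" || now > exp) return null;
    return user;
  } catch {
    return null; // tampered token, wrong key or malformed input
  }
}
```

A token in a URL ends up in browser history and server logs and can be replayed until it expires, so the lifetime is kept short; recording each token once on domain B would close the replay window.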

webbugs like behavior to send specific and general info to server

I have been finding solutions for one technique that I need in my web app. All the big websites have that solution implemented.
Take Facebook: when a user is logged in, and then that user opens another tab and goes to xyz website, and that website, say, has a Facebook script on it. I have observed that without doing anything on xyz website (just visiting), Facebook ads are tuned to the user having visited xyz website.
I know webbugs can send data such as IP of user who is visiting xyz website but how come the specific information is also sent to facebook that facebook uses to tune ads experience for specific user. Specific action may be like, if I go to Qatar Airways website and search for flights from destination A to B then on Facebook I get ads related to deals on Qatar Airways from A to B.
How is it technically possible? To me it seems like connecting two cookies. Or what else is possible? I need the steps that I need to take to configure my server and client to achieve this functionality. And also what I need to do on other websites that the user visits. Thanks
IP Addresses,
HTTP Referrer,
Cookies & Tracking Scripts,
Super Cookies,
User Agent.
Steps: https://developers.google.com/analytics/devguides/collection/analyticsjs/

Using cloudflare to cache dynamic pages

We have a number of pages where the only dynamic content is the user info (Name, profile link, # of items in shopping bag) which is at the top corner. These pages can take up to a second or more to load sometimes.
We are thinking of changing the pages so that the entire HTML page is cached using Cloudflare, then when it's displayed, JavaScript will check for the presence of cookies named "Username" and "CartCount" and update the profile accordingly, or if the cookie is not available, show the customary login icon.
Is this method feasible and are there any security precautions that need to be taken?
Not only is it feasible, it's actively used by some of the big websites, e.g. Airbnb, TripAdvisor.
You may notice that if you open these websites (and many others), at first it looks like you are not logged in, and then later the DOM updates with your user name.
The only issue I see is CSRF tokens - if you cache the pages, your tokens will be outdated and no longer useful. You will have to turn off CSRF checks for your AJAX requests and sign in page.
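A sketch of the client-side step from the question above, as an added example that is not from the original posts. The cookie names "Username" and "CartCount" come from the question; the length limits and the element id `profile` are assumptions.

```javascript
// Added example; limits and the element id are assumptions.

// Parse document.cookie-style text into a name -> decoded value map.
function parseCookies(cookieText) {
  const out = new Map();
  for (const part of String(cookieText || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    try {
      out.set(name, decodeURIComponent(part.slice(eq + 1).trim()));
    } catch {
      // malformed percent-encoding: ignore this cookie
    }
  }
  return out;
}

// Build the header state. These cookies are readable and writable by the
// user, so they are display hints only and are validated before use.
function headerState(cookieText) {
  const cookies = parseCookies(cookieText);
  const name = cookies.get("Username");
  if (!name || name.length > 64) return { loggedIn: false };
  const rawCount = cookies.get("CartCount") || "0";
  const cartCount = /^\d{1,4}$/.test(rawCount) ? Number(rawCount) : 0;
  return { loggedIn: true, name, cartCount };
}

// Apply the state to the cached page. textContent (not innerHTML) keeps a
// crafted cookie value from being parsed as markup.
function renderHeader(doc, state) {
  const box = doc.getElementById("profile");
  if (!box) return;
  box.textContent = state.loggedIn
    ? `${state.name} (${state.cartCount})`
    : "Log in";
}

// Runs only in a browser; under Node the functions are just defined.
if (typeof document !== "undefined") {
  renderHeader(document, headerState(document.cookie));
}
```

The cached HTML must contain nothing user-specific, and the server still authorizes every request from its own session cookie rather than from these display cookies.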

How to restrict a Web page to only open when a request for it comes from a specific referrer

I'm writing a new JavaScript based Web app, which I need to secure in the following specific manner:
I should only allow for my app's index.html to be served if the request for it comes from a specific site.
By doing that, I will be forcing my users to go to that specific corporate site first, which will require them to authenticate. Once the user is logged onto that site, they are provided with a link to my app. If my app's index.html is requested in any other way, besides following that corporate link, I would like to redirect the user to that corporate site.
How can this be accomplished?
You can use document.referrer to get the referral page. Once you get that from your corporate site you can probably put in some logic to redirect to the corporate site if it doesn't match where you're expecting.
Something tells me this isn't the best way to handle user authentication, but I'm new to that aspect.
Note: I'm on my phone, so excuse lack of code tags for that tiny bit up there.
Set a variable to document.referrer. Then check the condition properly to determine if the referrer is the proper page, and if it's not, do a redirect.
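The document.referrer check both answers describe, as an added example that is not from the original answers. The corporate origin and the "/login" path are placeholders; the substring version is included to show why the comparison should be on the parsed origin.

```javascript
// Added example; the origin and the "/login" path are placeholders.
const CORPORATE_ORIGIN = "https://portal.corp.example";

// Weak form: a substring match accepts any URL that merely contains the name.
function naiveReferrerCheck(referrer) {
  return String(referrer).includes("portal.corp.example");
}

// Stricter form: parse the URL and compare scheme + host + port exactly.
function cameFromCorporateSite(referrer, allowedOrigin = CORPORATE_ORIGIN) {
  if (!referrer) return false; // direct visit, bookmark, or referrer stripped
  try {
    return new URL(referrer).origin === allowedOrigin;
  } catch {
    return false; // not a parseable absolute URL
  }
}

// Decide what the entry page does with the current request.
function entryDecision(referrer) {
  return cameFromCorporateSite(referrer)
    ? { action: "serve" }
    : { action: "redirect", location: CORPORATE_ORIGIN + "/login" };
}

// In the browser this would run at the top of index.html.
if (typeof document !== "undefined" && typeof location !== "undefined") {
  const decision = entryDecision(document.referrer);
  if (decision.action === "redirect") location.replace(decision.location);
}
```

The referrer is supplied by the client and is often absent under strict Referrer-Policy settings, so this only steers navigation; the app's data endpoints still need to verify the corporate site's authentication themselves.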

automatic login to a website

I have got a 3rd party website, which my customer wants me to log in to in order to download some data periodically.
The data is customer specific, and password protected.
I have the username/password, and I have searched for ways to do the login automatically so that I can pull data, but so far with no success.
This is a method that I have tried:
http://crunchify.com/automatic-html-login-using-post-method-autologin-a-website-on-double-click/
When I look into the login page of the website which I am trying to login to (view source), I don't see the login form, but if I click on "inspect element" in chrome on the fields of the page it does show that there is a login form hiding in there.
Any suggestions
Edit:
Here is the website which I need to autologin to: http://portal.dorad.co.il/#/Login Unfortunately it's not in English. The first field is the username, the second field is the password and the button is the login.
Edit2:
Taking pomeh's advice, I was able to find the jQuery code that is being triggered when the text boxes are being modified. Now I want to run this script manually using element.DomContainer.Eval
I am not sure how to activate it and give it the relevant data.
If you have the right mix of technical requirements then you want Single-Site-Sign-On (SSSO).
Not all of my clients have SSL and I don't want my user name and password on all of their sites. They are however all on the same server. Since my site supports SSL I can log in to my own site securely.
What you need to do, conceptually speaking, is log the IP of the administrator account along with the date/time stamp. Then if you visit your client's website (again, on the same server) from that same IP you can have your scripting language check the file. I require a short time-span (anywhere between 30 seconds to two minutes tops) and the same IP address. You can add additional technical requirements to strengthen security of course, though your options will be limited as the domain name will be different. If the IP matches the criteria, emulate the user being authenticated (static obviously, since you likely won't/shouldn't have your administrative account information on their site) and you can be automatically signed in.
Maybe you could do this using a web scraping framework like:
Goutte for PHP (https://github.com/fabpot/goutte)
Scrapy for Python (http://scrapy.org/)
node.io for Node.js (https://github.com/chriso/node.io)
request for Node.js (https://github.com/mikeal/request)
WatiN for .Net (http://watin.org/)
In any case, I think a client-side solution will bring a lot of problems. Maybe you can log in using a form tag which points to the page, but you won't be able to manipulate the page afterwards. Also, you may not be able to use AJAX due to CORS restrictions. You could embed the target page as an iframe, but you can't manipulate the page either because of the different domains used (you can do that under certain conditions but it's hard to achieve, imho). So a server-side solution sounds better to me.
