0

I am trying to create a link that navigates to a 3rd party site and automatically logs in.

There is no API and the form doesn't support query strings. Security isn't an issue (I know passing variables in links isn't good practice but in our situation that's ok).

I can get it to work using VBS but IE makes it really tough to execute scripts.

I am now using Javascript:

function autoLogin() {
    document.Form1.submit();
}

My HTML:

<form name="namofform" method=post action="www.websiteofloginpage.com"> 
<input type=hidden id=ID name="USERNAME" value="USERNAME"/>
<input type=hidden id=ID name="PASSWORD" value="PASSWORD"/>
</form>

I change the fields to the one on the form. When I execute the script (on load or by a link) it navigates to the page but isn't posting (logging in).

I noticed the submit button is using the _doPostBack - is that why it's not working trying from my a different site?

John Conde
  • 217,595
  • 99
  • 455
  • 496
Robbeh
  • 98
  • 1
  • 11
  • We had a very similar issue with a client, and their solution was to try to use VBScript for the front end and submit the form using the same method you're trying. This is possible but not a very good idea. We were lucky enough to be able to use query strings, but you can and should use cross-domain posting. – MaKR Jun 13 '14 at 18:36

2 Answers2

1

Have you looked into other cross-domain POSTing answers? There are certainly a variety of ways you can circumvent the same origin policies of browsers, but you won't be able to do it with simple JavaScript POSTing of forms.

See more here: Cross Domain Form POSTing

Perhaps you can use a CORS-based or JSONp solution:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

What is JSONP all about?

Community
  • 1
  • 1
Jim Miller
  • 426
  • 5
  • 14
  • I have, even with using no Javascript and just trying to cross-domain POST, the login page loads but nothing happens. I have a feeling it's however this software is being run since the "login button" on the 3rd party site isn't a simple input submit but rather this javascript _doPostBack. – Robbeh Jun 13 '14 at 20:46
0

Did you try to submit form with the good URI, generally we will have something like that: www.example.com/login. There also another point mentionned in Jim Miller's answer which is the Cross Domain Form POSTing.

Wael Ben Zid El Guebsi
  • 2,670
  • 1
  • 17
  • 15
  • I did, the site runs SSL, would that be an issue? https://thedomain.com/customdirectory/login.aspx is what I am using in the action. – Robbeh Jun 13 '14 at 20:43