The application ThirdPartySite simulates a remote third party site as the target site that a user is redirected to upon a successful authentication. As mentioned before, a landing page at the ThirdPartySite receives an EncryptedData string from Url and then consumes the authentication web service which decrypts the string and returns a complete set of user data. The third party application then processes the data returned and updates its database, and then programmatically logs the user into its site. If the decryption fails because of either the EncryptedData being expired or tampered with, an error message is returned to the third party application. As a demo, the user data returned to the third party is not saved into a database but displayed in a GridView.
A web reference pointing to CrossSiteAuthentication/AuthenticationService.asmx in the same solution is added to the site and named as AuthenticationService. There are two landing pages in the application simulating two different third party sites. For the demo, the code in LandingPage1.aspx and LandingPage2.aspx is exactly the same. Therefore, we only need to take a look at LandingPage1.aspx. Looking at the code in Listing 7, the page gets the EncryptedData from QueryString and requests for Parameter1 and Parameter2 which are used by the third party for its own purpose. For the demo, any code involving Parameter1 and Parameter2 are omitted. The page then declares an instance of the AuthenticationService and calls the RetrieveUserDataSet web method. If a DataSet is returned, signifying the success of the cross site authentication, this page performs necessary actions to handle the user data, and then logs the user in programmatically. Otherwise, authentication fails and an error message is displayed.
Listing 7
//request for the EncryptedData string EncryptedData = Request.QueryString["EncryptedData"]; if (EncryptedData == null) { lblError.Text = "A required parameter is missing from url. "; return ; } //Request p1 and p2 from Url. p1 and p2 are the parameters that //the third party app needs string p1 = Request.QueryString["Parameter1"].ToString(); string p2 = Request.QueryString["Parameter2"].ToString(); //additional code here to process the parameters //Add a web reference to your app and name it anything you like. Here it is //named as AuthenticationService. //declare web service and a reference variable - ReturnMessage AuthenticationService.AuthenticationService AuthService = new AuthenticationService.AuthenticationService(); string ReturnMessage = ""; DataSet ds = null; //Call Web Method: RetrieveUserDataSet //success: user authenticated, get a DataSet. //Failure: user not authenticated or Url expired. Return null and error message. try { ds = AuthService.RetrieveUserDataSet(ref ReturnMessage, EncryptedData); } catch (Exception ex) { lblError.Text += ex.Message.ToString(); } if (ReturnMessage != "") { lblError.Text += ReturnMessage; return ; } if (ds != null) { FormsAuthentication.SetAuthCookie("LoginUser", false); gvUserData.DataSource = ds.Tables[0]; gvUserData.DataBind(); }
User Comments