Create Token VB.Net

jaykapalczynski · ‎08-18-2014

Trying to create a Token at my initial login page.

I think I may have some syntax error but cant figure out where....ANY ideas?

Imports System.Data.SqlClient

Imports System.Net.Mail

Imports System.Data

Imports System.IO

Imports System.Web.Configuration

Imports System.Web.UI

Imports System.Net

Partial Class Login

Inherits System.Web.UI.Page

Public username As String = ""

Public password As String = ""

Protected Sub LoginButton_Click(sender As Object, e As EventArgs)

username = Login1.UserName

password = Login1.Password

Session("username") = username

Session("password") = password

Dim sConn As String

sConn = System.Configuration.ConfigurationManager.ConnectionStrings("SQLConnection").ToString

Dim sqlConn As New SqlConnection(sConn)

Dim sqlcomm As New SqlCommand("select * from users_test where username='" & username & "'and password ='" & password & "'", sqlConn)

sqlcomm.CommandType = Data.CommandType.Text

Dim rdrloginexists As SqlDataReader

sqlConn.Open()

rdrloginexists = sqlcomm.ExecuteReader

Dim myDT As DataTable = New DataTable

myDT.Load(rdrloginexists)

sqlConn.Close()

Create_Token(username, password, "123456")

End Sub

Public Sub Create_Token(ByVal username As String, ByVal password As String, ByVal clientid As String)

Dim referer As String = "http://ourServer.gov/login.aspx"

Dim expiration = "2014"

Dim tokenUrl As String = "https:/http://ourServer.gov/login.aspx/Create_Token?username=" & username & "&password=" & password & "&referer=" & referer & "&expiration=" & expiration & "&f=json"

Dim tokenRequest = DirectCast(WebRequest.Create(tokenUrl), HttpWebRequest)

tokenRequest.Referer = referer

Dim token1 = tokenRequest.GetResponse()

Using stream As Stream = token1.GetResponseStream()

Dim reader As New StreamReader(stream, Encoding.UTF8)

Dim responseString As [String] = reader.ReadToEnd()

End Using

End Sub

End Class

jaykapalczynski · ‎08-19-2014

I was able to get this working.....

ANY Questions PLEASE ASK

I have an .aspx with .aspx.vb LOGIN page that grabs the user Credentials and other necessary parameters for creating a Token...the token is created at the login page and stored as a session variable which is then consume in the redirect page. Once at this new page I am using this created TOKEN to render my Secured Services WITHOUT having the login again....

Imports System.Data.SqlClient

Imports System.Net.Mail

Imports System.Data

Imports System.IO

Imports System.Web.Configuration

Imports System.Web.UI

Imports System.Net

Partial Class Login

Inherits System.Web.UI.Page

Protected Sub LoginButton_Click(sender As Object, e As EventArgs)

Dim username As String

Dim password As String

username = Login1.UserName

password = Login1.Password

Dim sConn As String

sConn = System.Configuration.ConfigurationManager.ConnectionStrings("SQLConnection").ToString

Dim sqlConn As New SqlConnection(sConn)

Dim sqlcomm As New SqlCommand("select * from users_test where username='" & username & "'and password ='" & password & "'", sqlConn)

sqlcomm.CommandType = Data.CommandType.Text

Dim rdrloginexists As SqlDataReader

sqlConn.Open()

rdrloginexists = sqlcomm.ExecuteReader

Dim myDT As DataTable = New DataTable

myDT.Load(rdrloginexists)

If myDT.Rows.Count <> 0 Then

Create_Token(username, password)

Response.Redirect("Test.aspx")

End If

sqlConn.Close()

End Sub

Public Sub Create_Token(ByVal username As String, ByVal password As String)

Dim referer As String = "https://OurServer.gov"

Dim expiration As String = "120"

Dim format As String = "json"

' This will be replaced with the Actual IP of the requester....dont have that code yet...hard coded for now

' Replace with your IP Address

Dim clientid As String

clientid = "10.111.11.111"

Dim tokenUrl As String = "https://OurServer.gov/arcgis/tokens?request=gettoken&username=" & username & "&password=" & password & "&referer= & referer & clientid=" & clientid & "expiration=" & expiration & "&f=" & format & ""

Dim tokenRequest As New WebClient

Dim token = System.Text.Encoding.UTF8.GetString(tokenRequest.DownloadData(tokenUrl))

Session("tokentext") = token

End Sub

End Class

View solution in original post

jaykapalczynski · ‎08-18-2014

Am I wrong on the String ...maybe something like this

Dim referer As String = "https://MyServer.gov/login.aspx"

Dim expiration = "10"

Dim tokenUrl As String = "https://MyServer.gov/arcgis/tokens?request=gettoken & username=" &username & "&password=" & password & "&referer=" & referer & "&expiration=" & expiration & "& f=json"

Anyone ever bypass the User Name authentication via VB.net in a JavaScript app? I have a password for my main Website...then have a bunch of apps inside...I dont want the user to have to enter password 5 million times..

jaykapalczynski · ‎08-19-2014

I was able to get this working.....

ANY Questions PLEASE ASK

I have an .aspx with .aspx.vb LOGIN page that grabs the user Credentials and other necessary parameters for creating a Token...the token is created at the login page and stored as a session variable which is then consume in the redirect page. Once at this new page I am using this created TOKEN to render my Secured Services WITHOUT having the login again....

Imports System.Data.SqlClient

Imports System.Net.Mail

Imports System.Data

Imports System.IO

Imports System.Web.Configuration

Imports System.Web.UI

Imports System.Net

Partial Class Login

Inherits System.Web.UI.Page

Protected Sub LoginButton_Click(sender As Object, e As EventArgs)

Dim username As String

Dim password As String

username = Login1.UserName

password = Login1.Password

Dim sConn As String

sConn = System.Configuration.ConfigurationManager.ConnectionStrings("SQLConnection").ToString

Dim sqlConn As New SqlConnection(sConn)

Dim sqlcomm As New SqlCommand("select * from users_test where username='" & username & "'and password ='" & password & "'", sqlConn)

sqlcomm.CommandType = Data.CommandType.Text

Dim rdrloginexists As SqlDataReader

sqlConn.Open()

rdrloginexists = sqlcomm.ExecuteReader

Dim myDT As DataTable = New DataTable

myDT.Load(rdrloginexists)

If myDT.Rows.Count <> 0 Then

Create_Token(username, password)

Response.Redirect("Test.aspx")

End If

sqlConn.Close()

End Sub

Public Sub Create_Token(ByVal username As String, ByVal password As String)

Dim referer As String = "https://OurServer.gov"

Dim expiration As String = "120"

Dim format As String = "json"

' This will be replaced with the Actual IP of the requester....dont have that code yet...hard coded for now

' Replace with your IP Address

Dim clientid As String

clientid = "10.111.11.111"

Dim tokenUrl As String = "https://OurServer.gov/arcgis/tokens?request=gettoken&username=" & username & "&password=" & password & "&referer= & referer & clientid=" & clientid & "expiration=" & expiration & "&f=" & format & ""

Dim tokenRequest As New WebClient

Dim token = System.Text.Encoding.UTF8.GetString(tokenRequest.DownloadData(tokenUrl))

Session("tokentext") = token

End Sub

End Class

ShaikhRizuan · ‎01-17-2018

Hi Jay,

The token generated does not respect the referer URL. If token is being used in any other application, i can see the map.

Actually it should not allow to view the map. I have posted the issue in detail in below link

https://community.esri.com/thread/207940-arcgis-token-not-working-properly-when-creating-programmati...

How to resolve this??