Signing in Geocortex Viewer Programatically
Hi,
I'm trying to sign in an HTML (2.9.0) viewer (get a Geocortex Token) programatically. (GE4.8)
I'm building a page that logs in some application and then has to login Geocortex before loading the viewer so that users won't be asked for credentials when the viewer loads up.
I'm sending a POST request to Geocortex (https://domain_name/Geocortex/IdentityServer/account/signin) with the pre-defined username/password.
When I do so, I get a 500 error:
{StatusCode: 500, ReasonPhrase: 'Internal Server Error', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
X-AspNetMvc-Version: 4.0
Cache-Control: private
Date: Tue, 12 Sep 2017 16:29:37 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 454
Content-Type: text/html; charset=utf-8
}}
I believe that's because I didn't include the __RequestValidationToken parameter.
I'm not sure if that is the best way to do it. If yes, how do I defined the "__RequestValidationToken" parameter? When the request is made from the signin endpoint (in browser), that parameter is sent along the request. I don't know how to get/generate it.
If anyone can help I'd appreciate it. Also, if there's a better way of doing this I'm open to suggestions.
Thank you
Denis
0
-
Hi Denis,
Were you able to resolve the issue?
I was also trying to sign in programatcally into the Geocortex services directory by passing the credentials via http basic authentication header and was getting a 403 error. Would welcome any help.
Thanks,
Soham.0 -
Hi Guys,
This topic is a bit more involved than I can probably manage in a forum post, but here goes:
Geocortex Essentials uses a Claims-Based system for authentication. Regardless of the enabled method of authentication, the following things happen:- The user attempts to sign in
- Their browser is redirected to a page/endpoint for the Identity Provider
- That provider issues an authorization token (however it sees fit) and assigns claims to the user
- The user's claims are stored in the Geocortex Security Store
You may be able to configure Essentials to accept an alternate redirect URI, and then use the same sign-in process that the viewer uses to authenticate and store the claims in the security store. Then, you would be able to launch a viewer with the user already signed in. Unfortunately, I don't know the specific steps on how you might do this, nor am I confident it would actually work. I'm speculating based on how I understand our security works.
You cannot programmatically sign in a user with Basic authentication, unless you're using Integrated Windows security and Basic authentication is the only available protocol. We do not recommend using this, ever, since Basic authentication is inherently insecure. To maintain security we recommend using an SSL-secured transport (HTTPS) and Kerberos authentication if your'e also using Integrated Windows.
The __RequestValidationToken parameter is generated by ASP.Net and is an anti-forgery measure. It is automatically generated by the server to ensure that the form was posted from the same server, hence why it cannot be generated.
Regards,
-Malcolm0 -
So if my site is using Windows Authentication, and is an internal user applicaiton inside my firewall, is there an approved method for having a viewer automatically sign in a user based on their current Windows Active Directory credentials when launched? 0 -
Hi Sean,
When using Windows authentication you should already have automatic sign-in if Windows Authentication is the only available provider for your users. If there are multiple providers then they will be given a choice.
We have a (https://support.geocortex.com/essentialsGSCkba?id=kA360000000CiWT) knowledge base article outlining the various additional configuration you can do to ensure a smooth experience.
Regards,
-Malcolm0
Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.
Kommentare
4 Kommentare