PassMark Logo
Home » Forum

Announcement

Collapse
No announcement yet.

ASP.Net Forms Authentication

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ASP.Net Forms Authentication

    I'm using version 6.0 (build 101 of the professional version of Zoom. It's working great for us on our existing website!

    I have a new website I want to search is protected using ASP.Net Forms Authentication. Rather than have a login page where I have defined a username field and a password field in plain HTML, we utilize the ASP.Net built-in "Login" control which puts its own username/password fields on the page when it renders. (So, using IE's View Source command on our login web page shows that the username field is named something like "ctl00$ContentPlaceHolder1$Login1$UserName".)

    I had hoped to used Zoom's Authentication settings to specify "Automatic login on the following page", "Login variable name", "Your login", etc. to let the Zoom spider log in on my existing login page. Unfortunately, this does not appear to work. I tried specifying the login variable name and password variable name based on the rendered HTML that I could see using IE's View Source. (When looking at the Zoom log, the page flow immediately redirects back to the login page as if the spider was not authenticated.)

    Does Zoom Authentication support ASP.Net's built-in Login control? If so, can you tell me how to configure Zoom?

    Using our existing ASP.Net login page is my preferred approach, but I did find your support page on authentication workarounds ( http://www.wrensoft.com/zoom/support/auth.html ). I can try those options as a last resort.

    Thanks for your help!

  • #2
    There are known issues with some login procedures. Previously, we have seen an ASP.NET login control which not only required the login and password to be sent across, but it also required the value of a particular button. This sort of mechanism is usually designed to accomodate forms which have multiple buttons that do different things (e.g. "Login", "Sign up", "Recover lost password") and they all submit to the same page. It may be an image button, or a named button. None of these can be automatically guessed by Zoom, and require the user to identify and somehow specify the necessary attribute needed.

    We can't add this easily as we need to come up with some way of simplifying the process so it's not too daunting for most users (it's kinda difficult to explain in layman terms) while being flexible enough to work in most situations. So it is something we have left for V6.1.

    If there are options to this login control such that you can disable this need to identify the button that was pressed, then this would be one way to circumvent it.

    Failing that, you would have to use the alternative login methods (e.g. logging in via IE, have cookies enabled and allow Zoom to access said cookies making sure to configure Zoom not to hit the logout page) as described in the support page mentioned above.

    Another solution, if you are capable of making the script changes, is to add code to change the authentication method on your site and use the User-Agent string to automatically allow "ZoomSpider" to login. More information on modifying and using the Zoom user-agent information can be found here.
    --Ray
    Wrensoft Web Software
    Sydney, Australia
    Zoom Search Engine

    Comment

    Working...
    X