Adobe Connect User Community

#1 2008-07-07 11:35:06

**_ipfreely_**

how can I send my login ID & password securely?

hello!

I have 2 questions. In the API documentation it says you may log in by appending your username & password right in the query string. This is rather insecure! Another method is to send your request in an XML document using https, thus hiding the content - much better.

1) Is there a specific URL I need to send the XML document to?
I'm not sure where to send the XML document containing my username & password. For example, in order to log in by putting your username & password in a query string:[code]Call login, adding the user


#2 2008-07-07 19:00:59

**_nick_**

Re: how can I send my login ID & password securely?

this is something i've been wondering about as well... do let us know if you figure it out.


#3 2008-07-08 10:28:13

**_jcooper9099_**

Re: how can I send my login ID & password securely?

How about: make an HTTPRequest object and send it via SSL? In this method you can specify POST or GET or format the header.


OR for the XML method you can use the following

In one application in C# I have something like this. You probably can't cut and paste this

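```csharp
// requires: using System.Xml;
XmlDocument xmldoc = new XmlDocument();
// Load() issues a GET for this URL and parses the XML response
xmldoc.Load("https://domain.na3.acrobat.com/api/xml?action=login&login=LOGIN-NAME&password=PASSWORD");
```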

This sends a preformatted XML request straight to the server. XML requests are not really like webrequests so there is no browser history URL with your username or password. Packet sniffers could be a threat, but if you use https your network and the adobe server would decide how to deal with secure requests.

Also you can call "/api/xml?action=common-info" to get the cookie AFTER you have logged in because the cookie will then change or be activated and you can reuse it in calling other URLs to get data. Otherwise you get a "no-login" status for calls.

For more security I used the HTTPRequest method to get the cookie as part of the header and store it in a cookie container.

Last edited by **_jcooper9099_** (2008-07-08 10:43:55)


#4 2008-07-10 11:00:06

**_ipfreely_**

Re: how can I send my login ID & password securely?

hi jcooper9099,

after reading your response i realized i was confused regarding the order of operations during an SSL handshake and had to do some research. i was worried the query string containing the username & password would be visible to capture. according to some sites offering SSL info, the querystring is stripped off when making the initial transaction, then is passed along after the handshake. we have the SSL option with Connect so the query string would only be visible to the sys admin at Adobe (who has our account info anyway..) in the server logs. query strings are logged - so remember that if your bank starts putting your bank acct #'s in your query strings!


I spoke to our support rep and he's going to get back to me on how to upload the xml doc securely as an alternative login.

for now though, as promised, here is the code to log in, then display my meetings as an example for those just getting started. it's in vb.net but it should give you some ideas:

```vbnet
'needs Imports System.Text and Imports System.Xml at the top of the file
Dim sb As New StringBuilder
Const constSpaces As String = "    "
Dim strCookie As String = ""

'examples of httpwebrequest to manually build requests
'http://www.codeproject.com/KB/IP/httpwebrequest_response.aspx
'http://www.codeproject.com/KB/XML/dilbertservice.aspx

''get cookie param
'Dim xmlRead As New XmlTextReader("https://ourserver.na3.acrobat.com/api/xml?action=common-info")
'Do While xmlRead.Read
'    If xmlRead.NodeType = XmlNodeType.Element Then
'        If xmlRead.Name = "cookie" Then
'            strCookie = xmlRead.ReadString
'            Exit Do
'            'If xmlRead.AttributeCount > 1 Then
'            'xmlRead.getattributecount
'            'If xmlRead.hasattributes > 1 Then
'            'xmlRead.MoveToFirstAttribute()
'            'End If
'        End If
'    End If
'Loop

'send login string & get cookie in 1 request
'use https so the login and session values are encrypted in transit
Dim xmlReadPass As New XmlTextReader("https://ourserver.na3.acrobat.com/api/xml?action=login&login=myLogin&password=myPassword&session=" & strCookie)
Do While xmlReadPass.Read
    If xmlReadPass.NodeType = XmlNodeType.Element Then
        If xmlReadPass.Name = "cookie" Then
            strCookie = xmlReadPass.ReadString
            Exit Do
        End If
    End If
Loop


'check for cookie, then retrieve meetings
If strCookie <> "" Then
    Dim xmlReadMeetings As New XmlTextReader("https://ourserver.na3.acrobat.com/api/xml?action=report-my-meetings&session=" & strCookie)
    Do While xmlReadMeetings.Read
        If xmlReadMeetings.NodeType = XmlNodeType.Element Then
            If xmlReadMeetings.Name = "meeting" Then
                'sb.Append(xmlReadMeetings.Name.ToString & ":")
                If xmlReadMeetings.AttributeCount > 1 Then
                    'xmlReadMeetings.getattributecount
                    'If xmlReadMeetings.hasattributes > 1 Then
                    'xmlReadMeetings.MoveToFirstAttribute()
                    sb.Append("meeting id: " & xmlReadMeetings.GetAttribute("sco-id").ToString() & " - name: ")
                End If
            End If
            If xmlReadMeetings.Name = "name" Then
                sb.Append(constSpaces & xmlReadMeetings.ReadString & "<br>")
            End If
        End If
    Loop
    lblMeetings.Text = sb.ToString
Else
    lblMeetings.Text = "no meetings found"
End If
```

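Added example, not part of any post in this thread: the same login built with the credentials in the query string and as an XML document in the POST body, showing what a typical access log would record for each, plus a redactor for `password=` and `session=` values already written to logs. The `/api/xml` POST target and the `<params>` body layout are assumptions based on Adobe's Web Services documentation, the function names are hypothetical, and the credentials are constructed.

```python
import re
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit

# Host taken from the thread; the /api/xml POST endpoint and the <params>
# body layout are assumptions, not something confirmed in the posts above.
API_URL = "https://ourserver.na3.acrobat.com/api/xml"
SENSITIVE = re.compile(r"(?i)\b(password|session)=[^&\s\"]+")


def login_in_query(login, password):
    """The form used in the thread: credentials travel in the request target."""
    qs = urlencode({"action": "login", "login": login, "password": password})
    return urllib.request.Request(f"{API_URL}?{qs}", method="GET")


def login_in_body(login, password):
    """Same call as an XML document in the POST body; the URL stays clean."""
    params = ET.Element("params")
    for name, value in (("action", "login"), ("login", login), ("password", password)):
        ET.SubElement(params, "param", name=name).text = value
    body = ET.tostring(params, encoding="utf-8")
    return urllib.request.Request(
        API_URL, data=body, method="POST",
        headers={"Content-Type": "text/xml; charset=utf-8"})


def access_log_view(req):
    """What an access log typically keeps: method and request target, not the body."""
    parts = urlsplit(req.full_url)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    return f"{req.get_method()} {target}"


def redact(line):
    """Mask password= and session= values in a log line that is already written."""
    return SENSITIVE.sub(lambda m: f"{m.group(1)}=[REDACTED]", line)


if __name__ == "__main__":
    # Constructed credentials, not from the original posts.
    for req in (login_in_query("myLogin", "myPassword"), login_in_body("myLogin", "myPassword")):
        print(access_log_view(req))
    print(redact(access_log_view(login_in_query("myLogin", "myPassword"))))
```

Both requests are equally protected from network capture by TLS; the difference is only in what ends up in server logs, proxies and client history.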
