Vulnerability in EPiServer.Forms
for most EPiServer sites you can always log in using the url:
To get the current user and check authentication:EPiServer.Security.PrincipalInfo.CurrentPrincipal.Identity.IsAuthenticated
You can use the second to log in the current user to your js app...
Thanks for the reply daniel. I am the alloy app in my visual studio . I was not able to find the login.aspx page in the Solution explorer. I am using active directory to login, I need username and password of the user to autologin into my chat account. Would be suggest me a way how to achieve it.
Hi i am using ejabberg server with converse.js, i need to pass the CurrentPrincipal for authentication.
This is how is need to achieve it but how to pass SID and RID.
I would probably do a custom login page for EPi. There are plenty of guides of how to do that. It's pretty easy...
After validating credentials I would store a unique id in session for the user that I can then use as SID and pass to ejabberg server.
For RID I would probably generate a unique id for each request in the ActionFilter that is used to set the overall layout for mvc / masterpage for webforms.