
Alex_Nimo_26616
Nov 03, 2018

ASM JSON login page

Hi,

 

Trying to configure a JSON login page in ASM. The page first asks for the username and only then for the password.

 

1) When configuring JSON login in ASM, you must supply both parameters (username and password). How can I configure only one?

2) In case it's possible to configure only one parameter, what is the best approach in this case? To configure 2 different login pages, each with one parameter (1) password, 2) user)?

Thanks, Alex

 

  • You have a very strange application to protect.

     

    So you are saying that the application has Page 1 where the user enters the username only and clicks the login button - this generates a JSON request to the server which contains only one parameter, "username", after which the user navigates to Page where only the password is required, and then again a JSON request is sent to the server with only one parameter, "password"?

     

    How is the session state maintained between Page 1 and Page 2? There must be something (a cookie, a token, a header) sent back by the server in response to the Page 1 request which would help the server to link the JSON data blurb with just username with bare Page 2 with just password.

     

    You can try defining 2 x AJAX page URLs with username & password being the same parameter name (you can't leave the password field blank).

     

    Can you provide examples of full HTTP requests and responses? (Page 1 request/response and Page 2 request/response) for a successful (and unsuccessful) login?

     

  • Those are the 2 Post responses:

     

    1) Params:

     

    2) Params:

     

    What links the requests is the cookie and the captcha token, but as can be seen, the first request only contains the user and the second one contains the user and the password.

     

    • samstep

      OK, so you need to configure 2 different login URLs:

       

      1) */authentication/welcome

       

      Username: email
      
      Password: reCaptchaValue

      2) */authentication/sign-in

       

      Username: email
      
      Password: password

      Looks like in both cases a Response Status code of 200 indicates successful authentication.