How to implement Querystring authentication

Question

I’m developing a website of a client and they are sending out newsletters to their customers (through the website administration interface) The newsletters are personal to each of the subscribed recipients/customers. Each recipient/ customer is also a user with a username/password that enables them to sign in on the website and manage their newsletter subscriptions and participate in the sites community.

This all works like a charm. Now my client want a “Manage my subscriptions” link in the newsletter email that when pressed automatically signs the recipient/customer in on the website with no need to remember username and password.

This could be easily solved be making a link like this:

http://mysite.com/manage.aspx?user=peter&password=hounddog

Of course information should not be clear text but encrypted in some way.

This however poses a problem since the only way a user can be authenticated on the website if by providing a valid username and password. In the name of security, passwords are stored as hashed values in the database making it impossible for me to insert the password in the link.

What is the best way to accomplish this without compromising the security?

Answer 1

You will have to compromise your security somewhat, if you want people to be able to login without entering password. Note that even if you had access to the password (as in your example), you would have to embed it in a mail massage which would be transmitted in plaintext.

You can create a Guid associated with each user and message, and append it to the URL, and allow that to login automatically.

You could perhaps isolate the permissions so that a login through a newsletter guid link only allows the user to manage subscriptions, but that a real password-login is still required to participate in the forum. In that case its pretty limited what havoc can be wrecked if someone gets access to a Guid from a mail message.