Create a web proxy to share website service using only one user login

I’m planning to develop a web app for my business network that can access a web page (Power BI report) and remember my login info. This way, I can share the local address with employees without giving them my login details.

I was thinking of using a Flask app, but I’m not sure how to manage the cookies to keep my session open. Ideally, I want to log in once, and then the app should handle the cookies.

Is there an easier way to do this or a better library I should use?

Sounds like you only have 1 license and therefore want to share an account between users to save having to purchase more licenses? If so, what you’re trying to do is reverse engineer security measures that have been put in place to prevent all sorts of attacks from bad actors. In short, that’s a terrible idea.

If you really want to share this license, although dodgy, create a shared user account in the domain that everyone can access (still a terrible idea), and set up SSO, such that anyone using the account only has to sign in once to the domain, and will be SSOd into all other apps automatically.

If I’m misunderstanding your post, my apologies, but that’s how I interpreted it, so perhaps others might too.

Yeah, that’s the general idea: to share my access with just one license at the moment. It’s only one report, and the cost of all the licenses required just for that report doesn’t make sense financially at the moment. That’s why I’m looking for alternatives, but I want to put a login on top of the app and a log to see who is really using the report and how much it is being used before I present my request for more licenses.

But I’d like to do this as a general project. I was thinking of things like sharing other services locally in my home network, and investigating whether I could serve the web pages with small modifications to the page to hide nav bars or things like that. My interest is to learn how something like this could be achieved as a personal project.

That’s fair. Long story short, you will be going against every single security measure implemented by modern browsers, and modern protocols.

To achieve what you want, you’ll have to reverse engineer modern federation and authentication protocols used to establish trust between parties. Why? Because they were designed to prevent bad actors from doing exactly what you’re trying to accomplish. For example, it’s not just a matter of overlaying a site from a different piece of software, and passing cookies or trying to replicate a session within that software. That’s exactly what bad actors did in the past to hijack sessions and overcome insecure protocols. You can test this yourself by signing into BI, going to the network tab, scraping all session keys and cookies, then on another endpoint launching a browser and using the scraped keys and sessions to see if you’ll get signed in. The answer is no, you won’t. Even if a session could be shared technically, a connection from that would trigger a multitude of security protocols designed to catch exactly that happening.

Those are just some of the technical challenges to overcome. What you also have to think about is audits and compliance of your organisation. If an auditor catches a whiff of your attempts to bypass licensing restrictions, then not only will the org face crazy $$$ penalty fees, but you’ll most likely end up fired, because no org will sacrifice its image over a single employee.

Do what you wish with this information, just don’t get yourself into trouble. If this was in regard to some amateur-made website, I’d say go and see if they left any security holes that would allow this, but thinking that a tech giant like Microsoft would be unable to catch what is essentially session hijacking is a little bit naive.