2 sites - 1 authentication method

Discussion in 'ASP .Net Security' started by Chris, Apr 20, 2004.

  1. Chris

    Chris Guest

    We have developed two sites that both use forms authentication and have objects with custom principle interfaces and identity interfaces. I would like to use the same principals for both sites and load behind the scenes

    I have tried the following scenario
    1) Create a web service that automtically takes the credentials, loads the custom principal, and redirects the user in the new site. This of course...has a few drawbacks

    Is there a better method or best practices for doing this?....such as setting a cookie on one site....then overriding the page object to allways look for it and load the principal on each page. It seems that this might be a better way to maintain credentials between the two applications

    any thoughts would be greatly appreciated
    Chris
     
    Chris, Apr 20, 2004
    #1
    1. Advertising

  2. Cookies are very commonly used in Single Sign On technologies, so there is
    no reason why this couldn't work for you. You could use a standard
    HttpModule on both sites that would add the cookie for newly authenticated
    users and read the cookie for returning users. You'd probably want to
    encrypt it so that it could not be tampered with.

    Joe K.

    "Chris" <> wrote in message
    news:D...
    > We have developed two sites that both use forms authentication and have

    objects with custom principle interfaces and identity interfaces. I would
    like to use the same principals for both sites and load behind the scenes.
    >
    > I have tried the following scenario:
    > 1) Create a web service that automtically takes the credentials, loads

    the custom principal, and redirects the user in the new site. This of
    course...has a few drawbacks.
    >
    > Is there a better method or best practices for doing this?....such as

    setting a cookie on one site....then overriding the page object to allways
    look for it and load the principal on each page. It seems that this might
    be a better way to maintain credentials between the two applications?
    >
    > any thoughts would be greatly appreciated,
    > Chris
     
    Joe Kaplan \(MVP - ADSI\), Apr 21, 2004
    #2
    1. Advertising

  3. I can recommend the book "Professional ASP.NET Security" from the Wrox
    Programmer to Programmer series.

    I haven't tried it myself yet (just about to), but basically this indicates
    that you can use the machine.config file to pre-set a hash value set to
    allow sharing of credentials between applications (using forms
    authentication) on the same server, or between different serers within a web
    farm.

    ISBN: 1-86100-620-9
    Price US$49.99.

    Hope that helps

    -Alec

    "Chris" <> wrote in message
    news:D...
    > We have developed two sites that both use forms authentication and have

    objects with custom principle interfaces and identity interfaces. I would
    like to use the same principals for both sites and load behind the scenes.
    >
    > I have tried the following scenario:
    > 1) Create a web service that automtically takes the credentials, loads

    the custom principal, and redirects the user in the new site. This of
    course...has a few drawbacks.
    >
    > Is there a better method or best practices for doing this?....such as

    setting a cookie on one site....then overriding the page object to allways
    look for it and load the principal on each page. It seems that this might
    be a better way to maintain credentials between the two applications?
    >
    > any thoughts would be greatly appreciated,
    > Chris
     
    Sandy MacLean, May 11, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kevin Buchan
    Replies:
    1
    Views:
    504
    Eric Lawrence [MSFT]
    Feb 20, 2004
  2. Stefan Caliandro
    Replies:
    2
    Views:
    669
    Beauregard T. Shagnasty
    Feb 14, 2005
  3. Jasbird

    Sites about web-sites ?

    Jasbird, Sep 12, 2006, in forum: HTML
    Replies:
    1
    Views:
    421
  4. imx
    Replies:
    10
    Views:
    843
  5. Yitzak

    2 sites or not 2 sites

    Yitzak, Mar 7, 2009, in forum: ASP .Net
    Replies:
    5
    Views:
    458
    Andrew Morton
    Mar 10, 2009
Loading...

Share This Page