Can I pass ASP Basic Auth Credentials to an APS.NET Forms Authentication site?

D

Douglas J. Badin

I am converting an ASP Website running Windows NT 4.0 to ASP.NET running
Windows 2000 on a different computer across the Internet. During this
process, both will be active and availble to users.

The ASP site A uses Basic Authentication and has the user enter a UserID and
Password that are Authenticated against a database.

The ASP.NET site N uses Forms Authentication and has the user enter a UserID
and Password that are Authenticated against a copy of the ASP's database.

At this point in time I am only concerned with the scenario as follows:

- User Logs in to Site A (ASP)
- Site A redirects the User to Site N (ASP.NET)

In this scenario, the User has to enter their UserID and Password a second
time when accessing Site N.

Can Site A programitically pass the credentials, UserID and Password, to
Site N so the user does not have to logon a second time with the same UserID
and Password without changing the authentication schemes of either site.

If so, what are my options?

Thanks,
Doug
 
Y

Yan-Hong Huang[MSFT]

Hello Douglas,

Thanks for posting in the group.

Based on my understanding, now the question is: You have one asp
application which uses basic authentication and one asp.net applicaiton
which uses forms authentication. The user ID and password database is the
same for these two web applications. Now, - User Logs in to Site A (ASP) by
using user name and passoword, Site A redirects the User to Site N
(ASP.NET). Can Site A programitically pass the credentials, UserID and
Password, to
Site N so the user does not have to logon a second time? Please correct me
if I have misunderstood anything.

Here I thought of a method. Since we are using basic authentication in Site
A (ASP), so we can get username and password in ASP web application first
and store it in the cookie. When the Site A redirectes users to Site N
(ASP.NET), it will redirect to forms authentication auto-login page. In the
Page_Load of that page, we can fetch the user name and password from cookie
and authenticate the user programmatically. So the client doesn't need to
input username and password again.

Does that answer your question? If there is any unclear, please feel free
to post here.

Ps: In ASP programming, if we use basic authentication, we can only use
username and password in NT domain. What database do you mean in the
sentence "The ASP site A uses Basic Authentication and has the user enter a
UserID and Password that are Authenticated against a database."? Do you
mean authenticate the user name and password in NT domain?

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
D

Douglas J. Badin

Hi Yanhong Huang,

You understand correctly.

The database of usernames and password is SQL Server and you are correct in
assuming I can get the Username and Password.

Your idea sounds interesting. I will have to check it out. The only
concern I have is that it will be a cross-domain cookie. Site A and N are
two different boxes in different locations. Right now I redirect to the IP
of Site N.

Thanks,

Doug
 
Y

Yan-Hong Huang[MSFT]

Hello Douglas,

Thanks very much for the quick update.

If the Site A and N's DNS name is different, for an example, www.sitea.com
and www.siten.com, the cookie can't work, because the cookie is based on
DNS name. If the name of DNS is different, the cookie will look on them as
different web sites and they won't share the cookies.

Another way is to transfer username and password in QueryString, such as
www.siten.com\login.aspx?username=****&password=****. Then in Page_Load of
login.aspx, we can use NameValueCollection coll=Request.QueryString to get
the username and password. Surely we can use some algorithm to secure the
username and password when putting it in QueryString.

If there is anything unclear, please feel free to post here.

By the way, we can send post notify email to you when there is useful reply
in the newsgroup. If you want to receive it in the future, please register
your no spam email alias at
http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp
&SD=msdn.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Y

Yan-Hong Huang[MSFT]

Hello Douglas,

I wanted to post a quick note to see if you would like additional
assistance or information regarding this particular issue. If there is
anything unclear, please feel free to post here.

Thanks for participating the community.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

What language should I learn to create an authentication website? 2
Forms authentication credentials fail 5
Passing Credentials to a basic authentication share 0
How to invalidate credentials in Basic Authentication 4
Forms Auth (roles being ignored) 0
Pass credentials from Win app to Web app 3
Basic Authentication 2
pass basic authentication credentials server side iis5 asp 2

Members online

Total: 33 (members: 1, guests: 32)
Robots: 430

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,055
Latest member
SlimSparkKetoACVReview

Latest Threads

Top