G
grimgroups
I have multiple asp.net websites living in different domains. The
websites (pages, code, etc) are all identical. The databases driving
the websites are different. This is not a web farm.
I use Forms Authentication as the authentication method against custom
users and passwords stored in the databases. Assume the user/password
information is replicated across all the databases.
I would like to provide seamless navigation across the websites. In
other words, if the user has logged into website A and they click a
link which leads them to website B, I don't want them to have to login
with the same credentials on website B.
One solution is to save the credentials they used in session and then
pass them as url parameters to the login page. The login page would
have to know how to use the parameters. This is obviously a large
security hole and generally bad practice.
Another idea is to again save the credentials in session and manually
post to the login page with the credentials as post parameters (assume
ssl). The trick is to save the resulting cookie and reuse it when
redirecting the user to the requested page on the new website. I can't
get this working for a number of reasons and thought I would post here
to see if this has been done before or if anyone had any other ideas on
this topic.
Thanks.
Grim
websites (pages, code, etc) are all identical. The databases driving
the websites are different. This is not a web farm.
I use Forms Authentication as the authentication method against custom
users and passwords stored in the databases. Assume the user/password
information is replicated across all the databases.
I would like to provide seamless navigation across the websites. In
other words, if the user has logged into website A and they click a
link which leads them to website B, I don't want them to have to login
with the same credentials on website B.
One solution is to save the credentials they used in session and then
pass them as url parameters to the login page. The login page would
have to know how to use the parameters. This is obviously a large
security hole and generally bad practice.
Another idea is to again save the credentials in session and manually
post to the login page with the credentials as post parameters (assume
ssl). The trick is to save the resulting cookie and reuse it when
redirecting the user to the requested page on the new website. I can't
get this working for a number of reasons and thought I would post here
to see if this has been done before or if anyone had any other ideas on
this topic.
Thanks.
Grim