Forms based authentication + multiple applications + directory service....

[Jéjé]

Hi,

I have to implement a security like this:
1. The user is logged into a home made extranet in PHP, a directory server
is used (not the active directory) (its a form based authentication)
2. the user click on a link on the extranet application and jump to another
server & application which is my ASPX application

I want to be able to keep the login of the user, so the user is directly
authenticated.

After this, I have to impersonate the page context because I have some
secure information to retrieve from the disk and OLAP cubes.

Today my ASPX application works correctly if I'm using the NTLM or Basic
authentication.
So the impersonation is easy in this case.

Also its important for me to use the group membership to manage some
authorization using the User.IsInRole system.

To finish, I'm developping an ASP.NET 2.0 application.

How can I implement this?
I have to confirm this, but I can change the PHP application code to add
some step in the process.

thanks for your guide.

Jerome.

 

[Guest]

For single sign on across apps, you have to persist the sign on. In your PHP
app, save something that you can carry with you in the ASP.NET application.
You can then pull the user's info and store it in session, if you desire.

Cross product authentication makes things hard, as PHP does not respect IIS
logins. One day this may not be the case, but it is right now. I would
consider passing the user's info in the header encrypted in some way. You can
then pull it out in your "login" form and send the user to the page he
requested if the header information matches an account (which it will if you
coded correctly).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************