Forms based authentication + multiple applications + directory service....

Discussion in 'ASP .Net Security' started by Jéjé, Oct 20, 2005.

  1. Jéjé

    Jéjé Guest

    Hi,

    I have to implement a security like this:
    1. The user is logged into a home made extranet in PHP, a directory server
    is used (not the active directory) (its a form based authentication)
    2. the user click on a link on the extranet application and jump to another
    server & application which is my ASPX application

    I want to be able to keep the login of the user, so the user is directly
    authenticated.

    After this, I have to impersonate the page context because I have some
    secure information to retrieve from the disk and OLAP cubes.

    Today my ASPX application works correctly if I'm using the NTLM or Basic
    authentication.
    So the impersonation is easy in this case.

    Also its important for me to use the group membership to manage some
    authorization using the User.IsInRole system.

    To finish, I'm developping an ASP.NET 2.0 application.

    How can I implement this?
    I have to confirm this, but I can change the PHP application code to add
    some step in the process.

    thanks for your guide.

    Jerome.
     
    Jéjé, Oct 20, 2005
    #1
    1. Advertising

  2. RE: Forms based authentication + multiple applications + directory ser

    For single sign on across apps, you have to persist the sign on. In your PHP
    app, save something that you can carry with you in the ASP.NET application.
    You can then pull the user's info and store it in session, if you desire.

    Cross product authentication makes things hard, as PHP does not respect IIS
    logins. One day this may not be the case, but it is right now. I would
    consider passing the user's info in the header encrypted in some way. You can
    then pull it out in your "login" form and send the user to the page he
    requested if the header information matches an account (which it will if you
    coded correctly).

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    ***************************
    Think Outside the Box!
    ***************************


    "Jéjé" wrote:

    > Hi,
    >
    > I have to implement a security like this:
    > 1. The user is logged into a home made extranet in PHP, a directory server
    > is used (not the active directory) (its a form based authentication)
    > 2. the user click on a link on the extranet application and jump to another
    > server & application which is my ASPX application
    >
    > I want to be able to keep the login of the user, so the user is directly
    > authenticated.
    >
    > After this, I have to impersonate the page context because I have some
    > secure information to retrieve from the disk and OLAP cubes.
    >
    > Today my ASPX application works correctly if I'm using the NTLM or Basic
    > authentication.
    > So the impersonation is easy in this case.
    >
    > Also its important for me to use the group membership to manage some
    > authorization using the User.IsInRole system.
    >
    > To finish, I'm developping an ASP.NET 2.0 application.
    >
    > How can I implement this?
    > I have to confirm this, but I can change the PHP application code to add
    > some step in the process.
    >
    > thanks for your guide.
    >
    > Jerome.
    >
    >
    >
     
    Cowboy (Gregory A. Beamer) - MVP, Oct 20, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. JC
    Replies:
    1
    Views:
    565
  2. cab0san
    Replies:
    1
    Views:
    417
    cab0san
    Feb 14, 2005
  3. Jéjé
    Replies:
    1
    Views:
    461
    =?Utf-8?B?Q293Ym95IChHcmVnb3J5IEEuIEJlYW1lcikgLSBN
    Oct 20, 2005
  4. Replies:
    5
    Views:
    593
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Nov 15, 2007
  5. Keltex
    Replies:
    1
    Views:
    420
    Dominick Baier [DevelopMentor]
    Jan 24, 2006
Loading...

Share This Page