Pass credentials from one web site to another for seamless login

TS

I have a partner company that has a web site that I need to gain access
through the web site in my company. I need to be able to log into my site
and then have some kind of way to then access this other site that also
requires a login in a way that allows me to pass a set of credentials to
this other site which uses those credentials to log me in so that I don't
have to log in again. The credentials that I want to pass would be a
predetermined set of credentials based on the credentials used to log in to
my site; one for read only or one for admin privileges.

I am using windows authentication on my web site, and the other site is
using session authentication using Java and Cold Fusion. The sites are on
different networks at 2 separate companies.

I figure what I can do is pass credentials to one of their web pages that
creates a session for the browser, and authorizes this session as READ ONLY
or Admin and then will redirect to the appropriate place on their site.

Does this sound good or do I need to do something else?

If I use this approach, what are my options to pass these credentials?

thanks!
 
David Coe, MCAD

You could pass your credentials via the query string (not necessarily a good idea), or call a web service at the other site. The web service would be responsible for authentication and authorization, setting the session information, etc.
 
Joe Kaplan (MVP - ADSI)

What sort of authentication mechanism does the other site provide? Does it
have a login screen or does it pop up a dialog in the browser?

If it has a login screen, then in order to create an authenticated session
with them, you are going to have to write some code (probably with
HttpWebRequest) to do a form post to their login page. If they use a
dialog, then you can probably authenticate with them using the appropriate
header values (depending on how they authenticate).

Joe K.
 
[MSFT]

Hello,

I think David's suggestion should be a good idea. Is it possible in your
solution?

Luke
 
TS

I can't do the webservice because the other site won't be able to do that. I
can of course do the query string thing, but I don't want the credentials to
be messed with.

It seems like the easiest thing would be to use the HttpWebRequest as Joe
pointed out, otherwise I would have to encrypt the data in q string and the
other site would have to decrypt it, etc. I'm looking to have the other site
have to do as little as possible.
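
The tamper concern raised in this thread about query-string values can be handled by passing a signed, short-lived role token instead of credentials; the sketch below is an added example, not code from any poster, and uses Python as a neutral stand-in for the .NET and Java/ColdFusion sides. `SHARED_KEY`, the `partner.example/sso` URL, the token layout and the 60-second lifetime are all assumptions.

```python
import base64, hashlib, hmac, json, os, time

# Assumption: both sites hold this key, exchanged out of band (constructed value).
SHARED_KEY = b"constructed-demo-key-not-for-production"
ROLES = {"readonly", "admin"}   # the two predetermined access levels from the question
MAX_AGE = 60                    # seconds a handoff token stays valid (assumed policy)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(role, key=SHARED_KEY, now=None):
    """Originating site: call after Windows authentication has mapped the user to a role."""
    if role not in ROLES:
        raise ValueError("unknown role")
    claims = {"role": role, "iat": int(time.time() if now is None else now),
              "nonce": _b64(os.urandom(12))}
    payload = json.dumps(claims).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def verify_token(token, seen_nonces, key=SHARED_KEY, now=None):
    """Partner site landing page: return the role, or None if the token is rejected."""
    try:
        p64, s64 = token.split(".")
        payload, sig = _unb64(p64), _unb64(s64)
    except ValueError:          # wrong shape or bad base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    claims = json.loads(payload)                 # only parsed after the MAC checks out
    now = time.time() if now is None else now
    if not 0 <= now - claims["iat"] <= MAX_AGE:  # expired or issued in the future
        return None
    if claims["nonce"] in seen_nonces:           # replayed link
        return None
    seen_nonces.add(claims["nonce"])
    return claims["role"] if claims["role"] in ROLES else None

if __name__ == "__main__":
    seen = set()
    token = issue_token("readonly")
    print("https://partner.example/sso?token=" + token)
    print(verify_token(token, seen), verify_token(token, seen))  # second use is a replay
```

Query strings end up in server logs, browser history and Referer headers, which is why the token carries only a role, expires quickly and is accepted once; the redirect is assumed to run over HTTPS with both servers' clocks roughly in sync.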
 
