Pass credentials from one web site to another for seamless login

Discussion in 'ASP .Net Security' started by TS, Jun 24, 2004.

  1. TS

    TS Guest

    I have a partner company that has a web site that I need to gain access
    through the web site in my company. I need to be able to log into my site
    and then have somekind of way to then access this other site that also
    requires a login in a way that allows me to pass a set of credentials to
    this other site which uses those credentials to log me in so that I don't
    have to log in again. The credentials that I want to pass would be a
    predetermined set of credentials based on the credentials used to login to
    my site; one for read only or one for admin priveledges.

    I am using windows authentication on my web site, and the other site is
    using session authentication using Java and Cold Fusion. The sites are on
    different networks at 2 separate companies.

    I figure what I can do is pass credentials to one of their web pages that
    creates a session for the browser, and authorizes this session as READ ONLY
    or Admin and then will redirect to the appropriate place on their site.

    Does this sound good or do I need to do something else?

    If I use this approach, what are my options to pass these credentials?

    thanks!
     
    TS, Jun 24, 2004
    #1
    1. Advertising

  2. You could pass your credentials via the query string (not necessarily a good idea), or call a web service at the other site. The web service would be responsible for authentication and authorization, setting the session information, etc.

    "TS" wrote:

    > I have a partner company that has a web site that I need to gain access
    > through the web site in my company. I need to be able to log into my site
    > and then have somekind of way to then access this other site that also
    > requires a login in a way that allows me to pass a set of credentials to
    > this other site which uses those credentials to log me in so that I don't
    > have to log in again. The credentials that I want to pass would be a
    > predetermined set of credentials based on the credentials used to login to
    > my site; one for read only or one for admin priveledges.
    >
    > I am using windows authentication on my web site, and the other site is
    > using session authentication using Java and Cold Fusion. The sites are on
    > different networks at 2 separate companies.
    >
    > I figure what I can do is pass credentials to one of their web pages that
    > creates a session for the browser, and authorizes this session as READ ONLY
    > or Admin and then will redirect to the appropriate place on their site.
    >
    > Does this sound good or do I need to do something else?
    >
    > If I use this approach, what are my options to pass these credentials?
    >
    > thanks!
    >
    >
    >
     
    David Coe, MCAD, Jun 24, 2004
    #2
    1. Advertising

  3. What sort of authentication mechanism does the other site provide? Does it
    have a login screen or does it pop up a dialog in the brower?

    If it has a login screen, then in order to create an authenticated session
    with them, you are going to have to write some code (probably with
    HttpWebRequest) to do a form post to their login page. If they use a
    dialog, then you can probably authenticate with them using the appropriate
    header values (depending on how they authenticate).

    Joe K.

    "TS" <> wrote in message
    news:...
    > I have a partner company that has a web site that I need to gain access
    > through the web site in my company. I need to be able to log into my site
    > and then have somekind of way to then access this other site that also
    > requires a login in a way that allows me to pass a set of credentials to
    > this other site which uses those credentials to log me in so that I don't
    > have to log in again. The credentials that I want to pass would be a
    > predetermined set of credentials based on the credentials used to login to
    > my site; one for read only or one for admin priveledges.
    >
    > I am using windows authentication on my web site, and the other site is
    > using session authentication using Java and Cold Fusion. The sites are on
    > different networks at 2 separate companies.
    >
    > I figure what I can do is pass credentials to one of their web pages that
    > creates a session for the browser, and authorizes this session as READ

    ONLY
    > or Admin and then will redirect to the appropriate place on their site.
    >
    > Does this sound good or do I need to do something else?
    >
    > If I use this approach, what are my options to pass these credentials?
    >
    > thanks!
    >
    >
     
    Joe Kaplan \(MVP - ADSI\), Jun 25, 2004
    #3
  4. TS

    [MSFT] Guest

    Hello,

    I think David's suggestion should be a good idea. Is it possible in your
    solution?

    Luke
     
    [MSFT], Jun 28, 2004
    #4
  5. TS

    TS Guest

    I can't do the webservice because the other site won't be able to do that. I
    can of course do the query string thing, but I don't want the credentials to
    be messed with.

    It seems like the easiest thing would be to use the httpwebrequest as joe
    pointed out, otherwise I would have to encrypt the data in q string and the
    other site would have to decrypt it, et. I'm looking to have the other site
    have to do as little as possible.


    "[MSFT]" <> wrote in message
    news:...
    > Hello,
    >
    > I think David's suggestion should be a good idea. Is it possible in your
    > solution?
    >
    > Luke
    >
     
    TS, Jun 28, 2004
    #5
  6. TS

    [MSFT] Guest

    [MSFT], Jun 29, 2004
    #6
  7. TS

    TS Guest

    TS, Jun 29, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michael Hogan
    Replies:
    2
    Views:
    298
    Michael Hogan
    Feb 20, 2004
  2. Joe Rigley

    Seamless Login Page with ASP Dotnet

    Joe Rigley, Jan 28, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    2,229
    Joe Rigley
    Jan 28, 2005
  3. Roger Withnell
    Replies:
    2
    Views:
    452
    Beauregard T. Shagnasty
    Jan 25, 2007
  4. Joe Rigley

    Seamless Login Page with ASP Dotnet

    Joe Rigley, Jan 28, 2005, in forum: ASP .Net Security
    Replies:
    2
    Views:
    140
    Joe Rigley
    Jan 28, 2005
  5. Libby

    Seamless Login

    Libby, Dec 21, 2005, in forum: ASP .Net Security
    Replies:
    0
    Views:
    163
    Libby
    Dec 21, 2005
Loading...

Share This Page