Passing credentials from asp.net to asp site

J

Joseph George

Hi,

I have an ASP.Net 2.0 website which is currently under development,
called Web1. It has a link which takes the user to another website
called Web2, running ASP which is on a different machine.

Web1 uses Forms authentication with IIS6 running with Anonymous user.
Web2 uses windows authentication. Is there a way I can implement
single-signon for the users of Web1 such that if they login there and
click on the link, they are automatically logged into Web2?

Please note that the users need not be in any windows domain\network.
The problem is that Web2 belongs to a 3rd party vendor who support only
windows authentication. But we do have access to their asp files and
they do provide an SDK with limited functionality.

Thanks for any help,
Chumma Dede
 
D

Dominick Baier [DevelopMentor]

Hi,

does Windows authentication mean "Integrated" or do they also support Basic
Auth?

If they only support Integrated, you are out of luck..

With basic auth there is a hacky way involving client side script and handcrafting
headers i guess.
 
J

Joseph George

Does not need to be integrated. Can be basic also.

When you say 'hacky way', would it be reliable enough for production?
We plan to limit user-base to IE6 and will have only few hundred users
max.

Could you pass on your solution pls?

Thanks,
Chumma Dede
 
D

Dominick Baier [DevelopMentor]

Hi,

thinking about it...it sucks :)

to authenticate with IIS/basic you have to include a HTTP header which looks
like this:

WWW-Authenticate: username:password

user/pass are encoded as a Base64 string

if you can handcraft this request on the client (by generating jscript code
in the application) this *could* work

a) i am not sure if jscript has these abilities
b) this would mean that clear text credentials are embedded in the HTML

so basically - no there is no "production" way of doing this.
 
J

Joseph George

Thanks anyway for trying...

Do you think there could be a way to 'wrap' an asp.net site around the
asp site (Web2), such that the wrapper uses forms auth., but it then
passes windows credentials to the 'wrapped' asp?

Thanks,
Chumma
 
D

Dominick Baier [DevelopMentor]

Hi,

in 2.0 you have the possibility to pass headers from asp.net to asp - not
sure if IIS will pick up these header to do auth - never tried it.

I don't see a possibility in 1.1 - sorry
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,731
Messages
2,569,432
Members
44,832
Latest member
GlennSmall

Latest Threads

Top