S
Steven Spits
Hi,
Our company has a database of users that we use to authenticate users on
various websites.
However, some of our customers want to develop a website on their own and
use the same database authenticate users.
At first I was thinking to create a WebService that accepts username &
password and returns if it's valid or not. But it is *very* important that
our customers don't know the password of these users. Because our customers
could "log" the data send to the webservice, this is obviously not a good
idea.
So I guess what we need is a system like Microsoft passport where the user
gets redirected to another website to logon and returns to the original url
afterwards.
What would be the best way to communicate between urls? It should be easy to
implement and yet secure.
Steven
- - -
Our company has a database of users that we use to authenticate users on
various websites.
However, some of our customers want to develop a website on their own and
use the same database authenticate users.
At first I was thinking to create a WebService that accepts username &
password and returns if it's valid or not. But it is *very* important that
our customers don't know the password of these users. Because our customers
could "log" the data send to the webservice, this is obviously not a good
idea.
So I guess what we need is a system like Microsoft passport where the user
gets redirected to another website to logon and returns to the original url
afterwards.
What would be the best way to communicate between urls? It should be easy to
implement and yet secure.
Steven
- - -