sharing authentication/authorization between ASP.NET and Classic ASP pages?

Discussion in 'ASP .Net' started by Guest, May 19, 2005.

  1. Guest

    Guest Guest

    I'm looking for articles, books, code, or just generally good approaches for
    how to deal with the problem of password-protecting pages in a website that
    consists of both ASP and ASP.NET pages.

    This isn't being built for a bank, and the method does not have to be
    super-uber-ultra-secure. It does need to fend off the average persistent
    hacker.

    Can someone please point the way? Thanks very much.

    -KF
    Guest, May 19, 2005
    #1
    1. Advertising

  2. Hi KF,

    ASP and ASP.Net are both ISAPIs (Internet Server Application Programming
    Interface), which means that they run as separate applications, or
    processes, on the web server machine. As they are separate rocesses, they
    cannot share memory. Therefore, the only way that they can "share data" or
    communicate with one another, is via Messaging of some sort or another. So,
    your answer lies in that realm. How does any client communicate with an ASP
    or ASP.Net application? Via HTTP, by sending a Request. Now, there are some
    other ways, depending on the relative locations of the applications, such as
    MSMQ (Message Queuing, or Messaging), but they are generally more trouble
    than you will need to go to.

    Now, as you want to protect the security of your users, you will probably
    want to at least hide information from the users by using POST requests
    rather than GET requests, and you can also incorporate some level of
    encryption via HTTPS (VERY secure), or your own hand-rolled encryption
    solution.

    --
    HTH,

    Kevin Spencer
    Microsoft MVP
    ..Net Developer
    Sometimes you eat the elephant.
    Sometimes the elephant eats you.

    <> wrote in message
    news:...
    > I'm looking for articles, books, code, or just generally good approaches
    > for how to deal with the problem of password-protecting pages in a website
    > that consists of both ASP and ASP.NET pages.
    >
    > This isn't being built for a bank, and the method does not have to be
    > super-uber-ultra-secure. It does need to fend off the average persistent
    > hacker.
    >
    > Can someone please point the way? Thanks very much.
    >
    > -KF
    >
    Kevin Spencer, May 19, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    8
    Views:
    883
    mhylden
    Nov 10, 2006
  2. Mike LeBlanc

    Sharing Authentication cookies between 1.0 and 1.1

    Mike LeBlanc, Jul 23, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    130
    Mike LeBlanc
    Jul 29, 2003
  3. =B=
    Replies:
    3
    Views:
    200
  4. SeanRW
    Replies:
    1
    Views:
    361
    Dominick Baier [DevelopMentor]
    May 25, 2006
  5. Jakob Lithner

    Simple authentication and authorization between applications?

    Jakob Lithner, Apr 9, 2008, in forum: ASP .Net Web Services
    Replies:
    7
    Views:
    148
    Jakob Lithner
    Apr 16, 2008
Loading...

Share This Page