Web Security in Heterogeneous Environments

Discussion in 'ASP .Net Security' started by Joey Bravo, Oct 10, 2008.

  1. Joey Bravo

    Joey Bravo Guest

    Hi,

    i want to build a .NET web service which allows web applications running on
    different environments, some non microsoft, to authenticate agains an
    existing database of users.

    I would like to use as much as is available in the .net framework as
    possible.

    i've been thinking of using custom membership and role providers that
    connects to the webservice which in turn looks up users and roles in the
    database.

    However i'm not sure what to do in the web apps runnig on apache in php/jsp.

    i was thinking of creating some sort of ticketing system, i.e. make them
    request a ticket from the webservice, which will log it in a database and
    store it in a cookie, then have them send credentials (web service runs in
    https) and if validated it continues to pass the ticket for following
    requests until the web service determines when it expires. But i'm not sure
    how safe is this, and don't know exactly what to put in the ticket and how
    to protect it/determine if it was hijacked..

    any ideas?
     
    Joey Bravo, Oct 10, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. kj
    Replies:
    1
    Views:
    377
    Ashmodai
    Apr 15, 2004
  2. Mike
    Replies:
    3
    Views:
    490
  3. Jason
    Replies:
    0
    Views:
    412
    Jason
    Aug 21, 2003
  4. Markus Dehmann
    Replies:
    8
    Views:
    2,106
    bartek
    Jun 2, 2004
  5. Dinis Cruz
    Replies:
    0
    Views:
    193
    Dinis Cruz
    Oct 30, 2003
Loading...

Share This Page