Web Security in Heterogeneous Environments

Discussion in 'ASP .Net Security' started by Joey Bravo, Oct 10, 2008.

  1. Joey Bravo

    Joey Bravo Guest

    Hi,

    i want to build a .NET web service which allows web applications running on
    different environments, some non microsoft, to authenticate agains an
    existing database of users.

    I would like to use as much as is available in the .net framework as
    possible.

    i've been thinking of using custom membership and role providers that
    connects to the webservice which in turn looks up users and roles in the
    database.

    However i'm not sure what to do in the web apps runnig on apache in php/jsp.

    i was thinking of creating some sort of ticketing system, i.e. make them
    request a ticket from the webservice, which will log it in a database and
    store it in a cookie, then have them send credentials (web service runs in
    https) and if validated it continues to pass the ticket for following
    requests until the web service determines when it expires. But i'm not sure
    how safe is this, and don't know exactly what to put in the ticket and how
    to protect it/determine if it was hijacked..

    any ideas?
     
    Joey Bravo, Oct 10, 2008
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.