Web Security in Heterogeneous Environments


Joey Bravo


I want to build a .NET web service which allows web applications running on
different environments, some non-Microsoft, to authenticate against an
existing database of users.

I would like to use as much as is available in the .net framework as

I've been thinking of using custom membership and role providers that
connect to the web service, which in turn looks up users and roles in the

However, I'm not sure what to do in the web apps running on Apache in PHP/JSP.

I was thinking of creating some sort of ticketing system, i.e. make them
request a ticket from the web service, which will log it in a database and
store it in a cookie, then have them send credentials (the web service runs over
HTTPS) and, if validated, it continues to pass the ticket for following
requests until the web service determines when it expires. But I'm not sure
how safe this is, and don't know exactly what to put in the ticket and how
to protect it/determine if it was hijacked.

Any ideas?
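
One way to build the ticket described in the post, shown as an added example that is not the original poster's code: the web service issues a ticket carrying a random id, the user, roles, an expiry and a client fingerprint, signs it with HMAC-SHA256, and checks signature, expiry, the server-side ticket log and the fingerprint on every request. Python is used only as a neutral notation, since .NET, PHP and Java all provide HMAC-SHA256. All names, the 15-minute lifetime, the in-memory `issued` dictionary standing in for the database table, and the User-Agent fingerprint are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)   # assumption: held only by the web service
TICKET_TTL = 900                       # assumption: 15-minute lifetime, in seconds
issued = {}                            # stands in for the ticket table in the database

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(payload: bytes) -> str:
    return _b64(hmac.new(SERVER_KEY, payload, hashlib.sha256).digest())

def _client_hash(user_agent: str) -> str:
    return hashlib.sha256(user_agent.encode()).hexdigest()

def issue_ticket(user, roles, user_agent, now=None):
    """Called only after the credentials were validated over HTTPS."""
    now = int(time.time()) if now is None else now
    body = {"id": secrets.token_hex(16), "user": user, "roles": roles,
            "exp": now + TICKET_TTL, "client": _client_hash(user_agent)}
    payload = json.dumps(body, sort_keys=True).encode()
    issued[body["id"]] = body["exp"]          # log the ticket server-side
    return _b64(payload) + "." + _sign(payload)

def validate_ticket(ticket, user_agent, now=None):
    """Return the ticket body, or None if forged, expired, revoked or moved."""
    now = int(time.time()) if now is None else now
    try:
        encoded, signature = ticket.split(".")
        payload = base64.urlsafe_b64decode(encoded)
        if not hmac.compare_digest(signature, _sign(payload)):  # constant-time
            return None
        body = json.loads(payload)            # parsed only after the MAC checks out
    except (ValueError, TypeError):
        return None
    if now >= body["exp"] or body["id"] not in issued:
        return None                           # expired, or revoked / never issued
    if not hmac.compare_digest(body["client"], _client_hash(user_agent)):
        return None                           # presented by a different client
    return body

def revoke_ticket(ticket_id):
    issued.pop(ticket_id, None)               # logout or suspected hijack
```

The User-Agent fingerprint is a weak signal that only catches a ticket replayed from a visibly different client; the signature, the short expiry and server-side revocation carry the real weight. The cookie holding the ticket should be set with the `Secure` and `HttpOnly` attributes so it travels only over HTTPS and is not readable from page scripts.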

