Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Pass credentials from one web site to another for seamless login

Reply
Thread Tools

Pass credentials from one web site to another for seamless login

 
 
TS
Guest
Posts: n/a
 
      06-24-2004
I have a partner company that has a web site that I need to gain access
through the web site in my company. I need to be able to log into my site
and then have somekind of way to then access this other site that also
requires a login in a way that allows me to pass a set of credentials to
this other site which uses those credentials to log me in so that I don't
have to log in again. The credentials that I want to pass would be a
predetermined set of credentials based on the credentials used to login to
my site; one for read only or one for admin priveledges.

I am using windows authentication on my web site, and the other site is
using session authentication using Java and Cold Fusion. The sites are on
different networks at 2 separate companies.

I figure what I can do is pass credentials to one of their web pages that
creates a session for the browser, and authorizes this session as READ ONLY
or Admin and then will redirect to the appropriate place on their site.

Does this sound good or do I need to do something else?

If I use this approach, what are my options to pass these credentials?

thanks!


 
Reply With Quote
 
 
 
 
David Coe, MCAD
Guest
Posts: n/a
 
      06-24-2004
You could pass your credentials via the query string (not necessarily a good idea), or call a web service at the other site. The web service would be responsible for authentication and authorization, setting the session information, etc.

"TS" wrote:

> I have a partner company that has a web site that I need to gain access
> through the web site in my company. I need to be able to log into my site
> and then have somekind of way to then access this other site that also
> requires a login in a way that allows me to pass a set of credentials to
> this other site which uses those credentials to log me in so that I don't
> have to log in again. The credentials that I want to pass would be a
> predetermined set of credentials based on the credentials used to login to
> my site; one for read only or one for admin priveledges.
>
> I am using windows authentication on my web site, and the other site is
> using session authentication using Java and Cold Fusion. The sites are on
> different networks at 2 separate companies.
>
> I figure what I can do is pass credentials to one of their web pages that
> creates a session for the browser, and authorizes this session as READ ONLY
> or Admin and then will redirect to the appropriate place on their site.
>
> Does this sound good or do I need to do something else?
>
> If I use this approach, what are my options to pass these credentials?
>
> thanks!
>
>
>

 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      06-25-2004
What sort of authentication mechanism does the other site provide? Does it
have a login screen or does it pop up a dialog in the brower?

If it has a login screen, then in order to create an authenticated session
with them, you are going to have to write some code (probably with
HttpWebRequest) to do a form post to their login page. If they use a
dialog, then you can probably authenticate with them using the appropriate
header values (depending on how they authenticate).

Joe K.

"TS" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I have a partner company that has a web site that I need to gain access
> through the web site in my company. I need to be able to log into my site
> and then have somekind of way to then access this other site that also
> requires a login in a way that allows me to pass a set of credentials to
> this other site which uses those credentials to log me in so that I don't
> have to log in again. The credentials that I want to pass would be a
> predetermined set of credentials based on the credentials used to login to
> my site; one for read only or one for admin priveledges.
>
> I am using windows authentication on my web site, and the other site is
> using session authentication using Java and Cold Fusion. The sites are on
> different networks at 2 separate companies.
>
> I figure what I can do is pass credentials to one of their web pages that
> creates a session for the browser, and authorizes this session as READ

ONLY
> or Admin and then will redirect to the appropriate place on their site.
>
> Does this sound good or do I need to do something else?
>
> If I use this approach, what are my options to pass these credentials?
>
> thanks!
>
>



 
Reply With Quote
 
[MSFT]
Guest
Posts: n/a
 
      06-28-2004
Hello,

I think David's suggestion should be a good idea. Is it possible in your
solution?

Luke

 
Reply With Quote
 
TS
Guest
Posts: n/a
 
      06-28-2004
I can't do the webservice because the other site won't be able to do that. I
can of course do the query string thing, but I don't want the credentials to
be messed with.

It seems like the easiest thing would be to use the httpwebrequest as joe
pointed out, otherwise I would have to encrypt the data in q string and the
other site would have to decrypt it, et. I'm looking to have the other site
have to do as little as possible.


"[MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello,
>
> I think David's suggestion should be a good idea. Is it possible in your
> solution?
>
> Luke
>



 
Reply With Quote
 
[MSFT]
Guest
Posts: n/a
 
      06-29-2004
HttpWebRequest should be a proper solution for the issue. Here is article
you may refer:

Using Internet Request and Response Classes
http://msdn.microsoft.com/library/de...us/cpguide/htm
l/cpconusinginternetrequestresponseclasses.asp

Luke

 
Reply With Quote
 
TS
Guest
Posts: n/a
 
      06-29-2004
thanks

"[MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> HttpWebRequest should be a proper solution for the issue. Here is article
> you may refer:
>
> Using Internet Request and Response Classes
>

http://msdn.microsoft.com/library/de...us/cpguide/htm
> l/cpconusinginternetrequestresponseclasses.asp
>
> Luke
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Seamless Login Libby ASP .Net Security 0 12-21-2005 03:02 PM
Seamless Login Page with ASP Dotnet Joe Rigley ASP .Net Security 2 01-28-2005 07:20 PM
Seamless Login Page with ASP Dotnet Joe Rigley ASP .Net 0 01-28-2005 05:03 PM
Web site content determined by login credentials? Michael Hogan ASP .Net 2 02-20-2004 07:54 PM
Web site content determined by login credentials? Michael Hogan ASP .Net Web Services 1 02-20-2004 07:52 AM



Advertisments