 | |
Re: pass credentials from one web site to another
Dotnet Security microsoft.public.dotnet.security
 |
| | Thread Tools | Search this Thread | Display Modes |
#1
 
| |||
| |||
|
Re: pass credentials from one web site to another -
06-21-2004
, 04:01 PM
|
You need to know how they actually provide credentials to be authenticated and then find a way to do the same thing in code. It may or may not be possible to do. For example, if they use Forms auth, you would need to post your credentials to their login page and get their cookie back in the response. Then you would need to send that cookie in each additional request. It totally depends on how their site does authentication. Joe K. "TS" <manofsteele (AT) 311 (DOT) com> wrote in message news:eCfbEUHVEHA.2388 (AT) TK2MSFTNGP09 (DOT) phx.gbl... They are using custom authentication, probably using a session. So with this scenario what are my options? "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan (AT) removethis (DOT) accenture.com wrote in message news:eUb%23q2wTEHA.204 (AT) TK2MSFTNGP10 (DOT) phx.gbl... It is going to depend entirely on how his site's authentication is set up. For example, if they use Windows auth, then you can pass some known good credentials in the HttpWebRequest and they will be read by their server. If they are doing a cookie-based scheme, then perhaps you could pass a special cookie or something. How does the partner's website do authentication? Joe K. "TS" <manofsteele (AT) 311 (DOT) com> wrote in message news:%236cvx3vTEHA.1472 (AT) TK2MSFTNGP12 (DOT) phx.gbl... My app is already done, so I don't want to change my authentication scheme just to solve this problem. There has to be a way to do this. I was thinking that at least I could send over encrypted parameters in the query string which he could then parse and check against his data store. I'm pretty sure he's not using windows authentication, probably a custom scheme. Any other ideas? ""Shawn Farkas"" <shawnfa (AT) online (DOT) microsoft.com> wrote in message news:XlVj9woTEHA.2160 (AT) cpmsftngxa10 (DOT) phx.gbl... Since the sites are on different networks, Windows Authentication would not work for you. You should look at Forms Authentication (which is basically roll-your-own authentication), or using Passport to solve your problem. -Shawn http://blogs.msdn.com/shawnfa -- This posting is provided "AS IS" with no warranties, and confers no rights. Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated. -------------------- From: "TS" <manofsteele (AT) 311 (DOT) com Subject: pass credentials from one web site to another Date: Wed, 9 Jun 2004 11:22:13 -0500 Lines: 17 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1409 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Message-ID: <OjGI23jTEHA.3476 (AT) tk2msftngp13 (DOT) phx.gbl Newsgroups: microsoft.public.dotnet.security NNTP-Posting-Host: proxy.txdps.state.tx.us 204.65.230.7 Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFT NGP08.phx.gbl!tk2msftngp13 .phx.gbl Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:6412 X-Tomcat-NG: microsoft.public.dotnet.security I have a partner company that has a web site that I need to gain access through the web site in my company. I need to be able to log into my site and then have someking of way to then access this other site that also requires a login in a way that allows me to pass a set of credentials to this other site which uses those credentials to log me in so that I don't have to log in again. The credentials that I want to pass may be my current credentials I currently used to log into my site, or it could be a predetermined set of credentials, either one for read only or one for admin priveledges. I am using windows authentication on my web site, and not sure about the other site. The sites are on different networks at 2 separate companies. What are my options? thanks! |
#2
| |||
| |||
|
|
OK, I just found out that they are using cold fusion and java and saving the info to a session. He was telling me that the way those languages use session is that it is saved to memory and that cold fusion and java both share the same session. He also said that unlike asp, no cookie is saved to the user's machine (asp does have url based cookieless session). He was saying that this way, the browser can have cookies turned off and the session still works. I have 3 questions: I read that asp's cookie is an in-memory cookie. I was thinking that it actually added a textfile to the machine, which is correct? Also, in asp, session requires that cookies are not turned off? Based on this scenario, what is your recommendation? thanks a bunch Joe "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan (AT) removethis (DOT) accenture.com> wrote in message news:uMV5EvIVEHA.3380 (AT) TK2MSFTNGP11 (DOT) phx.gbl... You need to know how they actually provide credentials to be authenticated and then find a way to do the same thing in code. It may or may not be possible to do. For example, if they use Forms auth, you would need to post your credentials to their login page and get their cookie back in the response. Then you would need to send that cookie in each additional request. It totally depends on how their site does authentication. Joe K. "TS" <manofsteele (AT) 311 (DOT) com> wrote in message news:eCfbEUHVEHA.2388 (AT) TK2MSFTNGP09 (DOT) phx.gbl... They are using custom authentication, probably using a session. So with this scenario what are my options? "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan (AT) removethis (DOT) accenture.com wrote in message news:eUb%23q2wTEHA.204 (AT) TK2MSFTNGP10 (DOT) phx.gbl... It is going to depend entirely on how his site's authentication is set up. For example, if they use Windows auth, then you can pass some known good credentials in the HttpWebRequest and they will be read by their server. If they are doing a cookie-based scheme, then perhaps you could pass a special cookie or something. How does the partner's website do authentication? Joe K. "TS" <manofsteele (AT) 311 (DOT) com> wrote in message news:%236cvx3vTEHA.1472 (AT) TK2MSFTNGP12 (DOT) phx.gbl... My app is already done, so I don't want to change my authentication scheme just to solve this problem. There has to be a way to do this. I was thinking that at least I could send over encrypted parameters in the query string which he could then parse and check against his data store. I'm pretty sure he's not using windows authentication, probably a custom scheme. Any other ideas? ""Shawn Farkas"" <shawnfa (AT) online (DOT) microsoft.com> wrote in message news:XlVj9woTEHA.2160 (AT) cpmsftngxa10 (DOT) phx.gbl... Since the sites are on different networks, Windows Authentication would not work for you. You should look at Forms Authentication (which is basically roll-your-own authentication), or using Passport to solve your problem. -Shawn http://blogs.msdn.com/shawnfa -- This posting is provided "AS IS" with no warranties, and confers no rights. Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated. -------------------- From: "TS" <manofsteele (AT) 311 (DOT) com Subject: pass credentials from one web site to another Date: Wed, 9 Jun 2004 11:22:13 -0500 Lines: 17 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1409 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Message-ID: <OjGI23jTEHA.3476 (AT) tk2msftngp13 (DOT) phx.gbl Newsgroups: microsoft.public.dotnet.security NNTP-Posting-Host: proxy.txdps.state.tx.us 204.65.230.7 Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFT NGP08.phx.gbl!tk2msftngp13 .phx.gbl Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:6412 X-Tomcat-NG: microsoft.public.dotnet.security I have a partner company that has a web site that I need to gain access through the web site in my company. I need to be able to log into my site and then have someking of way to then access this other site that also requires a login in a way that allows me to pass a set of credentials to this other site which uses those credentials to log me in so that I don't have to log in again. The credentials that I want to pass may be my current credentials I currently used to log into my site, or it could be a predetermined set of credentials, either one for read only or one for admin priveledges. I am using windows authentication on my web site, and not sure about the other site. The sites are on different networks at 2 separate companies. What are my options? thanks! |
|
« Previous Thread
|
Next Thread »
| Thread Tools | Search this Thread |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.