Dmin7b5

Dmin7b5

  • NA
  • 1
  • 0

Authentication Between Two Different Websites

Aug 29 2004 9:45 AM
I've been asked to make the following work. I'm currently using Forms authention. Here's the scenario: Website one and website two should provide functionality that will allow an authenticated user on website one (Forms Auth), to directly go to some specified pages on website two, without having to enter their uid/pwd again on website two. The websites are hosted by two different companies on 2 different servers. Website one is coded in .NET/C#, website two in traditional ASP. My Best Shot At A Proposed Solution: Nightly SQLServer data dumps of a User table from website one are sent to website two. Website two can then authenticate Users from website one. Flow Example: A user on website one clicks a URL that will eventually take them to a page on website two. However, the actual URL they click takes them to a processing page on website one. The URL contains a QueryString parameter which tells the processing page what page on website two the user wants. Processing Page On Website One Functionality: Gets the UID and MD5 encrypted PWD for the currently logged in User. Determines the intended target page on website two from the passed QueryString value. Redirects to a processing page on website two, sending website two all of the necessary login information for it to authenticate the User, and the requested URL on website two. ISSUES? I know if I do a Response.Redirect I can pass website two's processing page a QueryString containing the UID, MD5 encrypted PWD, and target URL. Would sending it via an HTTP POST be any more secure? If so, how would I do a POST from the processing page that redirects control over to website two? Also, if my entire proposed solution is way off base, please let me know. I literally have about 2 days next week to try and get all of this working. TIA, Jeff [email protected]