473,750 Members | 2,308 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Forms based authentication + multiple applications + directory service....

Hi,

I have to implement a security like this:
1. The user is logged into a home made extranet in PHP, a directory server
is used (not the active directory) (its a form based authentication)
2. the user click on a link on the extranet application and jump to another
server & application which is my ASPX application

I want to be able to keep the login of the user, so the user is directly
authenticated.

After this, I have to impersonate the page context because I have some
secure information to retrieve from the disk and OLAP cubes.

Today my ASPX application works correctly if I'm using the NTLM or Basic
authentication.
So the impersonation is easy in this case.

Also its important for me to use the group membership to manage some
authorization using the User.IsInRole system.

To finish, I'm developping an ASP.NET 2.0 application.

How can I implement this?
I have to confirm this, but I can change the PHP application code to add
some step in the process.

thanks for your guide.

Jerome.
Nov 19 '05 #1
1 1730
For single sign on across apps, you have to persist the sign on. In your PHP
app, save something that you can carry with you in the ASP.NET application.
You can then pull the user's info and store it in session, if you desire.

Cross product authentication makes things hard, as PHP does not respect IIS
logins. One day this may not be the case, but it is right now. I would
consider passing the user's info in the header encrypted in some way. You can
then pull it out in your "login" form and send the user to the page he
requested if the header information matches an account (which it will if you
coded correctly).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************** ************
Think Outside the Box!
*************** ************
"Jéjé" wrote:
Hi,

I have to implement a security like this:
1. The user is logged into a home made extranet in PHP, a directory server
is used (not the active directory) (its a form based authentication)
2. the user click on a link on the extranet application and jump to another
server & application which is my ASPX application

I want to be able to keep the login of the user, so the user is directly
authenticated.

After this, I have to impersonate the page context because I have some
secure information to retrieve from the disk and OLAP cubes.

Today my ASPX application works correctly if I'm using the NTLM or Basic
authentication.
So the impersonation is easy in this case.

Also its important for me to use the group membership to manage some
authorization using the User.IsInRole system.

To finish, I'm developping an ASP.NET 2.0 application.

How can I implement this?
I have to confirm this, but I can change the PHP application code to add
some step in the process.

thanks for your guide.

Jerome.

Nov 19 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
6
4839
Secure and Unsecure Web Directories using Forms Authentication
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms Authentication set up and it worked just fine. Then I realized that I needed to have some pages unsecure. I then created 2 directories. One named Secure and the other named Public. I placed my web.config file in my
.NET Framework
2
4662
How to implement multiple login forms?
by: James X. Li | last post by:
Is there a way to implement multiple login forms for ASP.NET applications? With our application we want to implement simple login form for normal resources (downloadable files), but more rigorous login forms for tasks like administration and configuration. The current ASP.NET seems only to allow to a single login form via the authentication element in web.config in the root directory. One work-around for our problem is implementing a...
ASP.NET
9
4637
forms authentication with loginurl on a remote machine
by: Hermit Dave | last post by:
Hi, I am making a web application (rather two applications) one which is host and used by customers when they are just browsing through products. The second application resides on a secure server. This is going to hold all account related information for the customers and will also be used for admin The login is implemented using forms authentication and i was just reading up about that... but as everyone already knows.... its all...
ASP.NET
1
3508
Multiple sessions and forms-based authentication
by: Rob | last post by:
I have an ASP.NET application that uses forms-based authentication. A user wishes to be able to run multiple sessions of this application simultaneously from the user's client machine. The web.config file is configured as such: <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" name="myApplication"/> </authentication>
ASP.NET
0
4241
ASP.NET Forms Authentication Best Practices
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET Applications and owner of Access Microsystems. Doug can be reached at doug@accessmicrosystems.com. --------------------------------------------------------------------------------
ASP.NET
12
1622
Forms Authentication Error
by: Brett Robichaud | last post by:
Is anyone familiar with this error? I have this running just fine on my local machine but when I pushed it out to our development server I get this error. I have no idea what it is saying. Any clues? -Brett- Server Error in '/' Application. ---------------------------------------------------------------------------- ----
ASP.NET
6
2866
HTML file server side includes plus forms authentication
by: William F. Zachmann | last post by:
We've got a project going that involves moving an old web site with a massive dll written in C++ that produces most of the output from a SQL 7.0 data base on NT4 onto IIS on Windows 2003 Server with SQL 2000. All new code is being written in C# using ASP.NET and we are using forms authentication to control access to particular directories/applications. We are having a hard time figuring out how to configure the thing so that existing...
ASP.NET
2
1878
Forms Authentication with AD storage for credentials.
by: Max2006 | last post by:
Hi, We prefer ASP.NET Forms Authentication in our ASP.NET 3.5 application; however we have to use Active Directory for user name and password storage. Is that possible? Is there any sample application to do this? Thank you, Max
ASP.NET
5
3565
Forms Authentication vs MembershipProvider
by: Rory Becker | last post by:
Having now created a Custom MembershipProvider that seems to work correctly with my Logon and ChangePassword controls, I am, as they say, a happy bunny. The next stange is to move on to the creation of content which adjusts based on the user. I have several pages which require a user to be logged on and several which do not. Prior to this point in time I have used 2 different master pages. one with a control which checks a session...
ASP.NET
0
8833
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
9568
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
9389
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
9335
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
1
6801
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6079
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
4881
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
2
2794
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2218
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us