473,320 Members | 2,109 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

sharing authentication/authorization between ASP.NET and Classic ASP pages?

I'm looking for articles, books, code, or just generally good approaches for
how to deal with the problem of password-protecting pages in a website that
consists of both ASP and ASP.NET pages.

This isn't being built for a bank, and the method does not have to be
super-uber-ultra-secure. It does need to fend off the average persistent
hacker.

Can someone please point the way? Thanks very much.

-KF
Nov 19 '05 #1
1 1229
Hi KF,

ASP and ASP.Net are both ISAPIs (Internet Server Application Programming
Interface), which means that they run as separate applications, or
processes, on the web server machine. As they are separate rocesses, they
cannot share memory. Therefore, the only way that they can "share data" or
communicate with one another, is via Messaging of some sort or another. So,
your answer lies in that realm. How does any client communicate with an ASP
or ASP.Net application? Via HTTP, by sending a Request. Now, there are some
other ways, depending on the relative locations of the applications, such as
MSMQ (Message Queuing, or Messaging), but they are generally more trouble
than you will need to go to.

Now, as you want to protect the security of your users, you will probably
want to at least hide information from the users by using POST requests
rather than GET requests, and you can also incorporate some level of
encryption via HTTPS (VERY secure), or your own hand-rolled encryption
solution.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Sometimes you eat the elephant.
Sometimes the elephant eats you.

<ke*****@u.washington.edu> wrote in message
news:el**************@TK2MSFTNGP14.phx.gbl...
I'm looking for articles, books, code, or just generally good approaches
for how to deal with the problem of password-protecting pages in a website
that consists of both ASP and ASP.NET pages.

This isn't being built for a bank, and the method does not have to be
super-uber-ultra-secure. It does need to fend off the average persistent
hacker.

Can someone please point the way? Thanks very much.

-KF

Nov 19 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...
1
by: Michael Shutt | last post by:
We have an existing ISAPI filter that performs authentication for all pages on our web site, including pages we are now writing for ASP.NET. The filter is pretty basic, receiving the user name and...
11
by: ElmoWatson | last post by:
I tried on the Security newgroup, as well as other places, and haven't gotten an answer yet - - I'm pulling my hair out over this one. I'm trying to get Forms Authentication working.....I can get...
3
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be...
2
by: Eric | last post by:
I am trying to build an app where the stuff in the root directory is open to all, but anything under the Restricted directory requires you to login and I want to use Forms to do it. I'm having...
4
by: nicholas | last post by:
Hi, Got an asp.net application and I use the "forms" authentication mode defined in the web.config file. Everything works fine. But now I would like to add a second, different login page for...
11
by: xenophon | last post by:
I have a web site with forms authentication and a single logon page. I have 4 subdirectories, each that should be protected by a different username/password combination. For testing purposes, the...
9
by: dana lees | last post by:
Hello, I am developing a C# asp.net application. I am using the authentication and authorization mechanism, which its timeout is set to 60 minutes. My application consists of 2 frames - a...
1
by: Joe | last post by:
What I want to do is make only one page require a login. The application itself works fine. I'm getting the following error: Parser Error Message: It is an error to use a section registered as...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.