By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,992 Members | 934 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,992 IT Pros & Developers. It's quick & easy.

Passing Information Between Two ASP.NET Websites

P: n/a
I need to build website on my webserver which has information securely
passed to it from a web site running on a client's webserver.

My client has a website that has a secure login process running under
SSL. When a user has succesfully logged into that website they will be

able to follow a link to my website. As part of this link I need an id

of the user to be passed to my website so I know who the user is, I do

NOT need the user's username or password. The ids of all users is
already known to both websites.
My site can run using SSL and the simplest solution is to pass the id
of the user as part of the query string, i.e. the link is an anchor
with a HREF such as WWW.ADYSITE.CO.UK?id=123456789', but I do not know

how secure this is. I could envrypt the querystring so it is not
reable but I am not sure if this is necessary if I am using SSL, this
would mean that both the client and I would need to share envyption
keys.
I would like to limit the the amount of work the client will have to do

at their end so I need the simplest solution possible.
Any advice as to possible solutions would be welcome.
Regards
Ady

Apr 27 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
you could encrypt the query string using .net's built in encryption support,
then use HttpUtility to Encode the string to make it url friendly.

(reply if you need an example)

end up with for eg.
http://sub.domain.com/postback.aspx?param=[your url friendly encrypted data]

This would rely on both servers knowing a shared encryption key and using
the same encryption algorithm.

Using SSL i the data passed between the servers will be encrypted - meaning
data intercepted between the servers will be secure, however the user would
be able to see the parameters being passed, in your case maybe their user id.

I would probably create a web service for doing what your suggesting. Very
similar method, just different implementation. Using VS.NET, create a web
service, it should be fairly obvious what to do with a little reading. You
then create a web reference to the service from the web app you want to call
the service. VS.NET creates a proxy class, which you can simply execute
methods from.

Food for thought

---------------------
Sam Martin
"an*****@valassis.co.uk" wrote:
I need to build website on my webserver which has information securely
passed to it from a web site running on a client's webserver.

My client has a website that has a secure login process running under
SSL. When a user has succesfully logged into that website they will be

able to follow a link to my website. As part of this link I need an id

of the user to be passed to my website so I know who the user is, I do

NOT need the user's username or password. The ids of all users is
already known to both websites.
My site can run using SSL and the simplest solution is to pass the id
of the user as part of the query string, i.e. the link is an anchor
with a HREF such as WWW.ADYSITE.CO.UK?id=123456789', but I do not know

how secure this is. I could envrypt the querystring so it is not
reable but I am not sure if this is necessary if I am using SSL, this
would mean that both the client and I would need to share envyption
keys.
I would like to limit the the amount of work the client will have to do

at their end so I need the simplest solution possible.
Any advice as to possible solutions would be welcome.
Regards
Ady

Apr 27 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.