Hi,
yes you can do that - ASP.NET 2.0 has some plumbing to do forms authentication
and then bounce the requests to the ASP ISAPI - i wrote a little bit about
it here:
http://www.leastprivilege.com/Protec...hASPNET20.aspx
(especially the 2nd part about DefaultHttpHandler)
One problem though, to communication username and roles to ASP - you have
to use HTTP headers. But you also have to protect them, e.g. using a MAC.
Otherwise someone from the outside could send bogus headers with the same
name and to a privilege escalation attack.
I have detailed all steps in my upcoming book (sorry available in 2 weeks)
http://www.microsoft.com/mspress/books/9989.asp
But feel free to ask.
---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com
Hi
Is it possible to use asp.net membership/login control with pure asp
i.e. user logs in using login control and then asp can use it somehow?
Is there a code example somewhere?
Thanks
Regards