In the design stage, so I don't have the ability to test this scenario at
the moment, so I would be grateful if someone could prove to me that the
following scenario does not exist...
The idea is that we will have one website with multiple URLs pointing to it.
For example www.mySite.com and another being www.theirSite.com.
There will be a common authentication database holding the role information
etc (in ASP.NET 2.x).
So, envisage the following scenario:
I log on to the site www.mySite.com and it immediately asks me to
authenticate myself by re-directing me to the log-on page. I put in my
credentials user="john" and password="somethingSecure". The system then
recognises me and issues me with a security token. It then re-directs me to
the web page www.mySite.com/editYourCompanysData.aspx.
Having come to that page, I can see all my sensitive company's data which I
can edit because I'm in the correct membership role.
I then edit the URL in my browser to now say
www.theirSite.com.editYourCompanysData.aspx.
My question is will the website now accept my security token and give me
access to their data or will it barf and force me to re-log on?
If anyone can answer this and provide any links to resources to back up
their answer then I'd be extremely grateful (I've failed to find this
information myself)
Thanks
Griff
