authenticating from ASP.NET to PHP !!

Hello.

I'm not quite sure how to solve the issue. I think I'd (since my
knowledge is so limited) would send an id in the URL and have the
PHP-site check this against a database, and remove it at the same time
so people can't fake anything.

And yes, a cookie would work, but it'd be quite easy to fake a cookie
wouldn't it? ;-)

On Oct 22, 7:08 am, "SuperRobot5000" <vimal.na...@gmail.comwrote:

Hi All,

Ok, I know that the title of this question might seem strange... but i
need to be able to authenticate from a .NET website (which a user would
be logged on) to a PHP website (with the same user details).

Does anyone know if there is a way to do this? I think the only way is
to use an encrypted URL... but how would I encrypt the URL from the
ASP.NET app into a format that the PHP app can decrypt?

would a cookie also work? can you use cookies between
applications/sites?

Please help. :o(

SuperRobot5000 wrote:

Hi All,

Ok, I know that the title of this question might seem strange... but i
need to be able to authenticate from a .NET website (which a user would
be logged on) to a PHP website (with the same user details).

Does anyone know if there is a way to do this? I think the only way is
to use an encrypted URL... but how would I encrypt the URL from the
ASP.NET app into a format that the PHP app can decrypt?

would a cookie also work? can you use cookies between
applications/sites?

Please help. :o(

Cookies don't work cross-domain - to allow them to do so would be a huge
security risk.

It really doesn't make a lot of difference what languages the sites are
written in - your .asp site will only "see" the html output (and
vice-versa, if necessary).

One way would be to encrypt the userid and password and have it passed
to a special login page (assuming you have control of the other site) as
GET parameters. When I need encryption (as opposed to hashing which is
not reversible), either use the libmcrypt routines or my own. This
isn't real secure, though, unless you use ssl. And it doesn't work if
you use the authentication provided by the webserver (as opposed to
programmer authentication).

But any other way is not easy. You can't do the authentication for the
browser, and you can't instruct the browser to do the authentication on
the new site for you. This means you would have to proxy the second
site in the first, and handle the authentication in your .NET code. And
how it's done would be dependent on how the authentication is done on
the remote site.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Thanks for the advice guys.

The only issue with encrypting a the URL is that I'll need routines in
both systems that match, but I dont know PHP well enough to be able to
do this. :o(

I have made the 2 systems on the same domain now, so cookies are an
option. Can anyone give any tips on how I might achieve this between
the ASP.NET and PHP apps?

SR5k

Jerry Stuckle wrote:

SuperRobot5000 wrote:

Hi All,

Ok, I know that the title of this question might seem strange... but i
need to be able to authenticate from a .NET website (which a user would
be logged on) to a PHP website (with the same user details).

Does anyone know if there is a way to do this? I think the only way is
to use an encrypted URL... but how would I encrypt the URL from the
ASP.NET app into a format that the PHP app can decrypt?

would a cookie also work? can you use cookies between
applications/sites?

Please help. :o(

Cookies don't work cross-domain - to allow them to do so would be a huge
security risk.

It really doesn't make a lot of difference what languages the sites are
written in - your .asp site will only "see" the html output (and
vice-versa, if necessary).

One way would be to encrypt the userid and password and have it passed
to a special login page (assuming you have control of the other site) as
GET parameters. When I need encryption (as opposed to hashing which is
not reversible), either use the libmcrypt routines or my own. This
isn't real secure, though, unless you use ssl. And it doesn't work if
you use the authentication provided by the webserver (as opposed to
programmer authentication).

But any other way is not easy. You can't do the authentication for the
browser, and you can't instruct the browser to do the authentication on
the new site for you. This means you would have to proxy the second
site in the first, and handle the authentication in your .NET code. And
how it's done would be dependent on how the authentication is done on
the remote site.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

SuperRobot5000 wrote:

Jerry Stuckle wrote:

>>SuperRobot5000 wrote:

>>>Hi All,

Ok, I know that the title of this question might seem strange... but i
need to be able to authenticate from a .NET website (which a user would
be logged on) to a PHP website (with the same user details).

Does anyone know if there is a way to do this? I think the only way is
to use an encrypted URL... but how would I encrypt the URL from the
ASP.NET app into a format that the PHP app can decrypt?

would a cookie also work? can you use cookies between
applications/sites?

Please help. :o(

Cookies don't work cross-domain - to allow them to do so would be a huge
security risk.

It really doesn't make a lot of difference what languages the sites are
written in - your .asp site will only "see" the html output (and
vice-versa, if necessary).

One way would be to encrypt the userid and password and have it passed
to a special login page (assuming you have control of the other site) as
GET parameters. When I need encryption (as opposed to hashing which is
not reversible), either use the libmcrypt routines or my own. This
isn't real secure, though, unless you use ssl. And it doesn't work if
you use the authentication provided by the webserver (as opposed to
programmer authentication).

But any other way is not easy. You can't do the authentication for the
browser, and you can't instruct the browser to do the authentication on
the new site for you. This means you would have to proxy the second
site in the first, and handle the authentication in your .NET code. And
how it's done would be dependent on how the authentication is done on
the remote site.

Thanks for the advice guys.

The only issue with encrypting a the URL is that I'll need routines in
both systems that match, but I don t know PHP well enough to be able to
do this. :o(

I have made the 2 systems on the same domain now, so cookies are an
option. Can anyone give any tips on how I might achieve this between
the ASP.NET and PHP apps?

SR5k

(Top posting fixed).

Shouldn't be too hard. Just set the cookie in one app and read it in
the other. As long as you're just storing character (no binary) data in
it, it should work fine.

You won't be able to share session information, though. If you need to
store something sensitive (i.e. userid), you might think about creating
a pseudo-session in a database and store you data there. store a (long)
key to the row in a cookie. It will emulate a session - but be readable
by both.

Of course, every once in a while you'll want to delete old rows.

P.S. Please don't top post. Thanks.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================