|
|
Posted by Jerry Stuckle on 10/24/06 01:27
SuperRobot5000 wrote:
> Jerry Stuckle wrote:
>
>>SuperRobot5000 wrote:
>>
>>>Hi All,
>>>
>>>Ok, I know that the title of this question might seem strange... but i
>>>need to be able to authenticate from a .NET website (which a user would
>>>be logged on) to a PHP website (with the same user details).
>>>
>>>Does anyone know if there is a way to do this? I think the only way is
>>>to use an encrypted URL... but how would I encrypt the URL from the
>>>ASP.NET app into a format that the PHP app can decrypt?
>>>
>>>would a cookie also work? can you use cookies between
>>>applications/sites?
>>>
>>>Please help. :o(
>>>
>>
>>Cookies don't work cross-domain - to allow them to do so would be a huge
>>security risk.
>>
>>It really doesn't make a lot of difference what languages the sites are
>>written in - your .asp site will only "see" the html output (and
>>vice-versa, if necessary).
>>
>>One way would be to encrypt the userid and password and have it passed
>>to a special login page (assuming you have control of the other site) as
>>GET parameters. When I need encryption (as opposed to hashing which is
>>not reversible), either use the libmcrypt routines or my own. This
>>isn't real secure, though, unless you use ssl. And it doesn't work if
>>you use the authentication provided by the webserver (as opposed to
>>programmer authentication).
>>
>>But any other way is not easy. You can't do the authentication for the
>>browser, and you can't instruct the browser to do the authentication on
>>the new site for you. This means you would have to proxy the second
>>site in the first, and handle the authentication in your .NET code. And
>>how it's done would be dependent on how the authentication is done on
>>the remote site.
>>
> Thanks for the advice guys.
>
> The only issue with encrypting a the URL is that I'll need routines in
> both systems that match, but I don t know PHP well enough to be able to
> do this. :o(
>
> I have made the 2 systems on the same domain now, so cookies are an
> option. Can anyone give any tips on how I might achieve this between
> the ASP.NET and PHP apps?
>
> SR5k
>
(Top posting fixed).
Shouldn't be too hard. Just set the cookie in one app and read it in
the other. As long as you're just storing character (no binary) data in
it, it should work fine.
You won't be able to share session information, though. If you need to
store something sensitive (i.e. userid), you might think about creating
a pseudo-session in a database and store you data there. store a (long)
key to the row in a cookie. It will emulate a session - but be readable
by both.
Of course, every once in a while you'll want to delete old rows.
P.S. Please don't top post. Thanks.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|