|
|
Posted by Jerry Stuckle on 06/30/07 13:23
shimmyshack wrote:
> On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> Ben Sehara wrote:
>>> "shimmyshack" <matt.fa...@gmail.com> wrote in message
>>> news:1183047662.340289.205790@m36g2000hse.googlegroups.com...
>>>> On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>>>>> Ben Sehara wrote:
>>>>>> Is there any way I can limit the access to my website? I have a site
>>>>>> "A" and
>>>>>> I want to allow access to it only from site "B" login user.
>>>>>> If someone try to access site "A" directory, I want it redirected to
>>>>>> site
>>>>>> "B" for login. After login at site "B", you see the link to site"A".
>>>>>> When
>>>>>> you click it, you see login page for site "A".
>>>>>> Is it possible?
>>>>>> Thanks.
>>>>>> Ben
>>>>> Ben,
>>>>> Not easily. The problem here is if you set a cookie on Site B, it won't
>>>>> be sent to site A.
>>>> Was it you that asked this the other day, it is a solveable problem,
>>>> what capabilities do both servers have, do they have php, does only
>>>> one, which one, does one/both have a database, session support?
>> > No, I don't think it's me. This is the first time to post regarding this
>> > topic.
>> > Site "A" has ASP and site"A", my site, has PHP. Both have database and
>> > session support.
>> >
>> > Can I use RSS to accomplish this? It just came up in my mind.
>> >
>> > Ben
>> >
>> >
>>
>> P.S. Please don't top post.
>>
>> --
>> ==================
>> Remove the "x" from my email address
>> Jerry Stuckle
>> JDS Computer Training Corp.
>> jstuck...@attglobal.net
>> ==================
>
>
> so let me get this straight,
> if someone tried to access a directory of A (not the whole of site A,
> just a page) and were not logged on at siteB, then they are redirected
> there, then on successful login they are redirected back to site A, to
> the page they were on, and now site A asks them to log on as well.
> user goes to A, site A checks whether it lets the user through, if not
> there it makes the ACTION of the form point to an iframe in the page
> and to a script on siteB, and uses RSA for the form, with B's public
> key in javascript, as well as a ID from siteA which is set in siteA's
> cookie, user logs in, this form is encrypted and posted to siteB, site
> B decrypts using it's private key, accepts if user gets it right and
> makes a cURL session to a script on siteA, sending it the ID, which A
> stores in database, id->"redirect=no" then it sends back javascript,
> parent.location.reload(), to force the page on siteA to reload, now
> site A checks whether user with this session needs to be refreshed,
> and id is ok, sent from B, so A prints the login form for A with
> ACTION pointing to a script on A, or just shows A's data.
>
Who said anything about all this crap?
From what I understand what the user wants, if someone is signed into
site A, they can access anything on Site B.
I suspect the entire idea is to not have to sign into both sites.
If they try to access a page at Site B but don't have the authority,
they are redirected to Site A for sign in. Once signing in, they can
access the page on Site B.
As for the rest - what a complicated way of handling things.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|