Posted by Jerry Stuckle on 10/22/06 13:32

SuperRobot5000 wrote:
> Hi All,
>
> Ok, I know that the title of this question might seem strange... but i
> need to be able to authenticate from a .NET website (which a user would
> be logged on) to a PHP website (with the same user details).
>
> Does anyone know if there is a way to do this? I think the only way is
> to use an encrypted URL... but how would I encrypt the URL from the
> ASP.NET app into a format that the PHP app can decrypt?
>
> would a cookie also work? can you use cookies between
> applications/sites?
>
> Please help. :o(
>

Cookies don't work cross-domain - to allow them to do so would be a huge
security risk.

It really doesn't make a lot of difference what languages the sites are
written in - your .asp site will only "see" the html output (and
vice-versa, if necessary).

One way would be to encrypt the userid and password and have it passed
to a special login page (assuming you have control of the other site) as
GET parameters. When I need encryption (as opposed to hashing which is
not reversible), either use the libmcrypt routines or my own. This
isn't real secure, though, unless you use ssl. And it doesn't work if
you use the authentication provided by the webserver (as opposed to
programmer authentication).

But any other way is not easy. You can't do the authentication for the
browser, and you can't instruct the browser to do the authentication on
the new site for you. This means you would have to proxy the second
site in the first, and handle the authentication in your .NET code. And
how it's done would be dependent on how the authentication is done on
the remote site.



--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]