Posted by shimmyshack on 06/30/07 11:38

On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> Ben Sehara wrote:
> > "shimmyshack" <matt.fa...@gmail.com> wrote in message
> >news:1183047662.340289.205790@m36g2000hse.googlegroups.com...
> >> On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> >>> Ben Sehara wrote:
> >>>> Is there any way I can limit the access to my website? I have a site
> >>>> "A" and
> >>>> I want to allow access to it only from site "B" login user.
> >>>> If someone try to access site "A" directory, I want it redirected to
> >>>> site
> >>>> "B" for login. After login at site "B", you see the link to site"A".
> >>>> When
> >>>> you click it, you see login page for site "A".
> >>>> Is it possible?
> >>>> Thanks.
> >>>> Ben
> >>> Ben,
>
> >>> Not easily. The problem here is if you set a cookie on Site B, it won't
> >>> be sent to site A.
> >> Was it you that asked this the other day, it is a solveable problem,
> >> what capabilities do both servers have, do they have php, does only
> >> one, which one, does one/both have a database, session support?
>
> > No, I don't think it's me. This is the first time to post regarding this
> > topic.
> > Site "A" has ASP and site"A", my site, has PHP. Both have database and
> > session support.
> >
> > Can I use RSS to accomplish this? It just came up in my mind.
> >
> > Ben
> >
> >
>
> P.S. Please don't top post.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================


so let me get this straight,
if someone tried to access a directory of A (not the whole of site A,
just a page) and were not logged on at siteB, then they are redirected
there, then on successful login they are redirected back to site A, to
the page they were on, and now site A asks them to log on as well.
user goes to A, site A checks whether it lets the user through, if not
there it makes the ACTION of the form point to an iframe in the page
and to a script on siteB, and uses RSA for the form, with B's public
key in javascript, as well as a ID from siteA which is set in siteA's
cookie, user logs in, this form is encrypted and posted to siteB, site
B decrypts using it's private key, accepts if user gets it right and
makes a cURL session to a script on siteA, sending it the ID, which A
stores in database, id->"redirect=no" then it sends back javascript,
parent.location.reload(), to force the page on siteA to reload, now
site A checks whether user with this session needs to be refreshed,
and id is ok, sent from B, so A prints the login form for A with
ACTION pointing to a script on A, or just shows A's data.

[Back to original message]