Posted by Dikkie Dik on 11/22/05 00:37

NotGiven wrote:
> Researching methodolgies where I open up an web site to different companies
> without having to manage the user ID and password for every person in every
> company.
>
> Thoughts include:
> 1--create a different certificate (like SSL or Apache generated cert) for
> each new company then log them in based on that. Refuse all users except
> those that have a cert.
> 2--somehow integrate with company network login system
> 3--check users' referrer domain to verify company - easily spoofed?
>
> Other ideas?
>
>
Can't you give them a different "front door"? You could write different
index pages that just set a session variable and then call the generic
index.
I'm afraid it is by no means swap-proof, but it allows employees from
the companies to access "their" website from other locations than the
company itself.

Best regards

[Back to original message]