2 sites - 1 authentication method

[Chris]

We have developed two sites that both use forms authentication and have objects with custom principle interfaces and identity interfaces. I would like to use the same principals for both sites and load behind the scenes

I have tried the following scenario
1) Create a web service that automtically takes the credentials, loads the custom principal, and redirects the user in the new site. This of course...has a few drawbacks

Is there a better method or best practices for doing this?....such as setting a cookie on one site....then overriding the page object to allways look for it and load the principal on each page. It seems that this might be a better way to maintain credentials between the two applications

any thoughts would be greatly appreciated
Chris

[Joe Kaplan \(MVP - ADSI\)]

Cookies are very commonly used in Single Sign On technologies, so there is
no reason why this couldn't work for you. You could use a standard
HttpModule on both sites that would add the cookie for newly authenticated
users and read the cookie for returning users. You'd probably want to
encrypt it so that it could not be tampered with.

Joe K.

"Chris" <anonymous@discussions.microsoft.com> wrote in message
news:D4081DA3-0737-4505-9874-E3D14A920A62@microsoft.com...

> We have developed two sites that both use forms authentication and have

objects with custom principle interfaces and identity interfaces. I would
like to use the same principals for both sites and load behind the scenes.

>
> I have tried the following scenario:
> 1) Create a web service that automtically takes the credentials, loads

the custom principal, and redirects the user in the new site. This of
course...has a few drawbacks.

>
> Is there a better method or best practices for doing this?....such as

setting a cookie on one site....then overriding the page object to allways
look for it and load the principal on each page. It seems that this might
be a better way to maintain credentials between the two applications?

>
> any thoughts would be greatly appreciated,
> Chris

[Sandy MacLean]

I can recommend the book "Professional ASP.NET Security" from the Wrox
Programmer to Programmer series.

I haven't tried it myself yet (just about to), but basically this indicates
that you can use the machine.config file to pre-set a hash value set to
allow sharing of credentials between applications (using forms
authentication) on the same server, or between different serers within a web
farm.

ISBN: 1-86100-620-9
Price US$49.99.

Hope that helps

-Alec

"Chris" <anonymous@discussions.microsoft.com> wrote in message
news:D4081DA3-0737-4505-9874-E3D14A920A62@microsoft.com...

> We have developed two sites that both use forms authentication and have

objects with custom principle interfaces and identity interfaces. I would
like to use the same principals for both sites and load behind the scenes.

>
> I have tried the following scenario:
> 1) Create a web service that automtically takes the credentials, loads

the custom principal, and redirects the user in the new site. This of
course...has a few drawbacks.

>
> Is there a better method or best practices for doing this?....such as

setting a cookie on one site....then overriding the page object to allways
look for it and load the principal on each page. It seems that this might
be a better way to maintain credentials between the two applications?

>
> any thoughts would be greatly appreciated,
> Chris