Can I pass ASP Basic Auth Credentials to an APS.NET Forms Authentication site?

Douglas J. Badin · Douglas J. Badin

I am converting an ASP Website running Windows NT 4.0 to ASP.NET running
Windows 2000 on a different computer across the Internet. During this
process, both will be active and availble to users.

The ASP site A uses Basic Authentication and has the user enter a UserID and
Password that are Authenticated against a database.

The ASP.NET site N uses Forms Authentication and has the user enter a UserID
and Password that are Authenticated against a copy of the ASP's database.

At this point in time I am only concerned with the scenario as follows:

- User Logs in to Site A (ASP)
- Site A redirects the User to Site N (ASP.NET)

In this scenario, the User has to enter their UserID and Password a second
time when accessing Site N.

Can Site A programitically pass the credentials, UserID and Password, to
Site N so the user does not have to logon a second time with the same UserID
and Password without changing the authentication schemes of either site.

If so, what are my options?

Thanks,
Doug

Yan-Hong Huang[MSFT] · Yan-Hong Huang[MSFT]

Hello Douglas,

Thanks for posting in the group.

Based on my understanding, now the question is: You have one asp
application which uses basic authentication and one asp.net applicaiton
which uses forms authentication. The user ID and password database is the
same for these two web applications. Now, - User Logs in to Site A (ASP) by
using user name and passoword, Site A redirects the User to Site N
(ASP.NET). Can Site A programitically pass the credentials, UserID and
Password, to
Site N so the user does not have to logon a second time? Please correct me
if I have misunderstood anything.

Here I thought of a method. Since we are using basic authentication in Site
A (ASP), so we can get username and password in ASP web application first
and store it in the cookie. When the Site A redirectes users to Site N
(ASP.NET), it will redirect to forms authentication auto-login page. In the
Page_Load of that page, we can fetch the user name and password from cookie
and authenticate the user programmatically. So the client doesn't need to
input username and password again.

Does that answer your question? If there is any unclear, please feel free
to post here.

Ps: In ASP programming, if we use basic authentication, we can only use
username and password in NT domain. What database do you mean in the
sentence "The ASP site A uses Basic Authentication and has the user enter a
UserID and Password that are Authenticated against a database."? Do you
mean authenticate the user name and password in NT domain?

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C [url]www.microsoft.com/security[/url]
This posting is provided "AS IS" with no warranties, and confers no rights.

Douglas J. Badin · Douglas J. Badin

Hi Yanhong Huang,

You understand correctly.

The database of usernames and password is SQL Server and you are correct in
assuming I can get the Username and Password.

Your idea sounds interesting. I will have to check it out. The only
concern I have is that it will be a cross-domain cookie. Site A and N are
two different boxes in different locations. Right now I redirect to the IP
of Site N.

Thanks,

Doug

"Yan-Hong Huang[MSFT]" <yhhuang@online.microsoft.com> wrote in message
news:Dg$BY874DHA.568@cpmsftngxa07.phx.gbl...

> Hello Douglas,
>
> Thanks for posting in the group.
>
> Based on my understanding, now the question is: You have one asp
> application which uses basic authentication and one asp.net applicaiton
> which uses forms authentication. The user ID and password database is the
> same for these two web applications. Now, - User Logs in to Site A (ASP)

by

> using user name and passoword, Site A redirects the User to Site N
> (ASP.NET). Can Site A programitically pass the credentials, UserID and
> Password, to
> Site N so the user does not have to logon a second time? Please correct me
> if I have misunderstood anything.
>
> Here I thought of a method. Since we are using basic authentication in

Site

> A (ASP), so we can get username and password in ASP web application first
> and store it in the cookie. When the Site A redirectes users to Site N
> (ASP.NET), it will redirect to forms authentication auto-login page. In

the

> Page_Load of that page, we can fetch the user name and password from

cookie

> and authenticate the user programmatically. So the client doesn't need to
> input username and password again.
>
> Does that answer your question? If there is any unclear, please feel free
> to post here.
>
> Ps: In ASP programming, if we use basic authentication, we can only use
> username and password in NT domain. What database do you mean in the
> sentence "The ASP site A uses Basic Authentication and has the user enter

a

> UserID and Password that are Authenticated against a database."? Do you
> mean authenticate the user name and password in NT domain?
>
> Best regards,
> Yanhong Huang
> Microsoft Community Support
>
> Get Secure! ¨C [url]www.microsoft.com/security[/url]
> This posting is provided "AS IS" with no warranties, and confers no

rights.

>

Yan-Hong Huang[MSFT] · Yan-Hong Huang[MSFT]

Hello Douglas,

Thanks very much for the quick update.

If the Site A and N's DNS name is different, for an example, [url]www.sitea.com[/url]
and [url]www.siten.com[/url], the cookie can't work, because the cookie is based on
DNS name. If the name of DNS is different, the cookie will look on them as
different web sites and they won't share the cookies.

Another way is to transfer username and password in QueryString, such as
[url]www.siten.com\login.aspx?username=****&password=** **[/url]. Then in Page_Load of
login.aspx, we can use NameValueCollection coll=Request.QueryString to get
the username and password. Surely we can use some algorithm to secure the
username and password when putting it in QueryString.

If there is anything unclear, please feel free to post here.

By the way, we can send post notify email to you when there is useful reply
in the newsgroup. If you want to receive it in the future, please register
your no spam email alias at
[url]http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp[/url]
&SD=msdn.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C [url]www.microsoft.com/security[/url]
This posting is provided "AS IS" with no warranties, and confers no rights.

Yan-Hong Huang[MSFT] · Yan-Hong Huang[MSFT]

Hello Douglas,

I wanted to post a quick note to see if you would like additional
assistance or information regarding this particular issue. If there is
anything unclear, please feel free to post here.

Thanks for participating the community.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C [url]www.microsoft.com/security[/url]
This posting is provided "AS IS" with no warranties, and confers no rights.

Can I pass ASP Basic Auth Credentials to an APS.NET Forms Authentication site?

Thread Tools

Display

Can I pass ASP Basic Auth Credentials to an APS.NET Forms Authentication site?

Similar Questions and Discussions

Pass credentials from one web site to another for seamless login

ASP.Net Forms authentication & Windows Auth combined

ASP.Net Forms authentication with basic authentication popup

how to by-pass forms authentication in a subfolder

Basic Forms Authentication question

RE: Can I pass ASP Basic Auth Credentials to an APS.NET Forms Authentication site?

Re: Can I pass ASP Basic Auth Credentials to an APS.NET Forms Authentication site?

Re: Can I pass ASP Basic Auth Credentials to an APS.NET Forms Authentication site?

Re: Can I pass ASP Basic Auth Credentials to an APS.NET Forms Authentication site?

Posting Permissions