Ask a Question related to ASP.NET Security, Design and Development.
-
J. Shane Kunkle #1
Safest way to pass data between web apps?
I have an asp.net application that uses windows authentication. We need to
loosely integrate another web application (written in cold fusion - hosted
on another server) with my app (Loosely = provide a link to their app and
they will link to ours). Both systems use the same user information so once
they are authenticated by my app we would like to pass their information to
the other app to avoid making users log in two (or more) times.
Obviously these parameters rule out a few things (session, cache, etc) - we
do share a database but this seems like overkill to me. As far as I know
server.transfer only works between web forms. My last resort is to use the
query string with encrypted data - but I'm trying to avoid this for obvious
reasons.
Any advice or direction is appreciated! Thanks in advance,
J. Shane Kunkle
[email]jkunkle@vt.edu[/email]
J. Shane Kunkle Guest
-
How to pass data
I need help with a small problem. I am working on a CourseBuilder 15 question test with each question is on its own page. I want to keep track of... -
safest way to pack unexposed 35mm film
My apologies if this has been covered in the group before (no doubt countless times) but I was hoping someone might have words of wisdom My wife... -
how to pass data?
You could create a recordset that retrieves the most recently added record by that user, maybe selecting the Max(ID) from the database, dunno what... -
Passing large data between forms, different apps
Hi, I have a need to pass a large data chunk (> 1024 bytes) between web forms that reside on different web applications (say one application is... -
Pass data between pages
in .net help, search for "Passing Server Control Values Between Pages" Michelle wrote: -
gaidar #2 Re: Safest way to pass data between web apps?
Try to use Web-service to pass information about the user between
web-applications. For example, having logged in user went to another
web-site using some link. At that time you sould create a temporary record
in the database with user info (login, id and etc.) - for these info you
sould create temporary ID and pass it trough the url to another web-app.
That app should call your web-service and get all information from database.
If you can't pass anothing to the url or want users to automatically login
even if they are just type the url of the other site in another browser's
window then use permanent cookie files (this will forks only if both
application have urls in one domain).
Gaidar
"J. Shane Kunkle" <shane@caudillweb.com> wrote in message
news:%23Cbt7nmJFHA.2704@tk2msftngp13.phx.gbl...>I have an asp.net application that uses windows authentication. We need to
>loosely integrate another web application (written in cold fusion - hosted
>on another server) with my app (Loosely = provide a link to their app and
>they will link to ours). Both systems use the same user information so once
>they are authenticated by my app we would like to pass their information to
>the other app to avoid making users log in two (or more) times.
>
> Obviously these parameters rule out a few things (session, cache, etc) -
> we do share a database but this seems like overkill to me. As far as I
> know server.transfer only works between web forms. My last resort is to
> use the query string with encrypted data - but I'm trying to avoid this
> for obvious reasons.
>
> Any advice or direction is appreciated! Thanks in advance,
> J. Shane Kunkle
> [email]jkunkle@vt.edu[/email]
>
>
gaidar Guest
-
Paul Glavich [MVP ASP.NET] #3 Re: Safest way to pass data between web apps?
I dont think the DB is overkill at all. In fact, I think it is probably the
most efficient, and safest method to do so. Its faster than reposting the
data across to the other app and the "receiving" app can extract only the
information it requires as need, as opposed to having to send all the
information, just in case the app requires it.
--
- Paul Glavich
ASP.NET MVP
ASPInsider ([url]www.aspinsiders.com[/url])
"J. Shane Kunkle" <shane@caudillweb.com> wrote in message
news:%23Cbt7nmJFHA.2704@tk2msftngp13.phx.gbl...once> I have an asp.net application that uses windows authentication. We need to
> loosely integrate another web application (written in cold fusion - hosted
> on another server) with my app (Loosely = provide a link to their app and
> they will link to ours). Both systems use the same user information soto> they are authenticated by my app we would like to pass their informationwe> the other app to avoid making users log in two (or more) times.
>
> Obviously these parameters rule out a few things (session, cache, etc) -obvious> do share a database but this seems like overkill to me. As far as I know
> server.transfer only works between web forms. My last resort is to use the
> query string with encrypted data - but I'm trying to avoid this for> reasons.
>
> Any advice or direction is appreciated! Thanks in advance,
> J. Shane Kunkle
> [email]jkunkle@vt.edu[/email]
>
>
Paul Glavich [MVP ASP.NET] Guest
-
gaidar #4 Re: Safest way to pass data between web apps?
Hi, Paul,
Yeah, but if there is a way to use one database. Anyway you should pass user
id between two web-applications.
Gaidar
"Paul Glavich [MVP ASP.NET]" <glav@aspalliane.com-NOSPAM> wrote in message
news:eEN4CT7JFHA.3992@TK2MSFTNGP15.phx.gbl...>I dont think the DB is overkill at all. In fact, I think it is probably the
> most efficient, and safest method to do so. Its faster than reposting the
> data across to the other app and the "receiving" app can extract only the
> information it requires as need, as opposed to having to send all the
> information, just in case the app requires it.
>
> --
>
> - Paul Glavich
> ASP.NET MVP
> ASPInsider ([url]www.aspinsiders.com[/url])
>
>
> "J. Shane Kunkle" <shane@caudillweb.com> wrote in message
> news:%23Cbt7nmJFHA.2704@tk2msftngp13.phx.gbl...> once>> I have an asp.net application that uses windows authentication. We need
>> to
>> loosely integrate another web application (written in cold fusion -
>> hosted
>> on another server) with my app (Loosely = provide a link to their app and
>> they will link to ours). Both systems use the same user information so> to>> they are authenticated by my app we would like to pass their information> we>> the other app to avoid making users log in two (or more) times.
>>
>> Obviously these parameters rule out a few things (session, cache, etc) -> obvious>> do share a database but this seems like overkill to me. As far as I know
>> server.transfer only works between web forms. My last resort is to use
>> the
>> query string with encrypted data - but I'm trying to avoid this for>>> reasons.
>>
>> Any advice or direction is appreciated! Thanks in advance,
>> J. Shane Kunkle
>> [email]jkunkle@vt.edu[/email]
>>
>>
>
gaidar Guest
-
Paul Glavich [MVP ASP.NET] #5 Re: Safest way to pass data between web apps?
Or simply a generated/custom session ID.
The less user specific info you can pass the better IMHO. A user ID is easy
to spoof. A GUID like session ID is much harder (in terms of relating it to
a set of information as its just an arbitrary ID/number).
From your last email, it sounded like you had a common database. Anyways,
the most secure is using a certificate based approach I think. Use an
asymetric algorithm and the public key to encrypt the data, stuff it into a
form which you post to the receiving application, the receiving application
can decrypt with the private key after extracting the encrypted valies from
the form.
--
- Paul Glavich
ASP.NET MVP
ASPInsider ([url]www.aspinsiders.com[/url])
"gaidar" <gaidar@vbstreets.ru> wrote in message
news:OWYWgyAKFHA.572@tk2msftngp13.phx.gbl...user> Hi, Paul,
>
> Yeah, but if there is a way to use one database. Anyway you should passthe> id between two web-applications.
>
> Gaidar
>
> "Paul Glavich [MVP ASP.NET]" <glav@aspalliane.com-NOSPAM> wrote in message
> news:eEN4CT7JFHA.3992@TK2MSFTNGP15.phx.gbl...> >I dont think the DB is overkill at all. In fact, I think it is probablythe> > most efficient, and safest method to do so. Its faster than repostingthe> > data across to the other app and the "receiving" app can extract onlyand> > information it requires as need, as opposed to having to send all the
> > information, just in case the app requires it.
> >
> > --
> >
> > - Paul Glavich
> > ASP.NET MVP
> > ASPInsider ([url]www.aspinsiders.com[/url])
> >
> >
> > "J. Shane Kunkle" <shane@caudillweb.com> wrote in message
> > news:%23Cbt7nmJFHA.2704@tk2msftngp13.phx.gbl...> >> I have an asp.net application that uses windows authentication. We need
> >> to
> >> loosely integrate another web application (written in cold fusion -
> >> hosted
> >> on another server) with my app (Loosely = provide a link to their appinformation> > once> >> they will link to ours). Both systems use the same user information so> >> they are authenticated by my app we would like to pass theiretc) -> > to> >> the other app to avoid making users log in two (or more) times.
> >>
> >> Obviously these parameters rule out a few things (session, cache,know> > we> >> do share a database but this seems like overkill to me. As far as I>> > obvious> >> server.transfer only works between web forms. My last resort is to use
> >> the
> >> query string with encrypted data - but I'm trying to avoid this for> >> >> reasons.
> >>
> >> Any advice or direction is appreciated! Thanks in advance,
> >> J. Shane Kunkle
> >> [email]jkunkle@vt.edu[/email]
> >>
> >>
> >
>
Paul Glavich [MVP ASP.NET] Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
