Logon to 2 sites with current userI
|
Original Message
|
Name: canman
Date: July 17, 2008 at 08:13:20 Pacific
Subject: Logon to 2 sites with current userIOS: win2000CPU/Ram: 222Model/Manufacturer: asus |
Comment: I presently have a login - password site, checks database with login/password to validate user and it then proceeds to the next page. I have another asp page that also the user has to enter login credentials. Within this I will have a logon link that will allow the user to automatically be logged into the site that also asked for a login credentials.
what basically i am trying to do it have the users only have to login ONCE to access both sites. The first site will have a link that will allow them to connect to the other site anytime they want by pressing logon to inquiry site, but should log them in automatically with there current userId!!
how can i do this using .ASP???
Report Offensive Message For Removal
|
|
Response Number 1
|
Name: Michael J (by mjdamato)
Date: July 18, 2008 at 09:19:56 Pacific
Subject: Logon to 2 sites with current userI |
Reply: (edit)Just off the top of my head I would have the second site, as part of it's authentication do a call back to the first site. 1. User attempts to load a page from site B
2. Site B's authentication process determines user is not currently logged in.
3. Before asking the user to log in to site B, add 1 more check.
4. Make a call to a page on Site A that determines whether the user is logged in to site A. If so, it passes the username to site B so the authentication process can auto-login the user. Michael J
 Report Offensive Follow Up For Removal
|
|
Response Number 2
|
Name: Elinor
Date: August 1, 2008 at 10:00:43 Pacific
Subject: Logon to 2 sites with current userI |
Reply: (edit)Hi canman, Michael J, Michael J, just wondering.
How would site B get the user credentials? Would you just pass user B's name in the GET request?
And if so, isn't there a security issue here that anyone could log in to the user's account on site B providing he/she is logged in to site A at any given time? Thanks for any info, I am curious because also trying to find a secure solution to exactly the same kind of problem. Elinor Elinor Hurst
http://elinorhurst.blogspot.com
Report Offensive Follow Up For Removal
|
|
Response Number 3
|
Name: Michael J (by mjdamato)
Date: August 1, 2008 at 20:36:01 Pacific
Subject: Logon to 2 sites with current userI |
Reply: (edit)Site B would NOT get the user credentials. Site B merely sends a request to a site A page to see if the user is currently logged in. This assumes you are using session data to indicate when a user is logged in. The returned value from site A confirming that the user is logged in can be as simple or complex as you want. I would suggest passing back the username and password that is hashed (using a salt). Even if the confirmation page on site A only returned a username, it would be pretty difficult for someone to circumvent that. Because the initial request is coming from a page on site B that is looking for the response. You couldn't just send a username to a site B page expecting for it to log you in. Michael J
Report Offensive Follow Up For Removal
|
|
Response Number 5
|
Name: canman
Date: September 7, 2008 at 07:37:15 Pacific
Subject: Logon to 2 sites with current userI |
Reply: (edit)with site B i would receive that username/password and then have it automatically authenticate that user by checking its userid/password within the database, just like it presently does. Site A is just a new login, Site B wich was the original login will still receive this userid/password that was passed to it by site A, and login the user without the user having to press the submit button.
Report Offensive Follow Up For Removal
|
Use following form to reply to current message:
