Pass credentials from one web site to another for seamless login

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

TS - 24 Jun 2004 16:37 GMT

I have a partner company that has a web site that I need to gain access
through the web site in my company. I need to be able to log into my site
and then have somekind of way to then access this other site that also
requires a login in a way that allows me to pass a set of credentials to
this other site which uses those credentials to log me in so that I don't
have to log in again. The credentials that I want to pass would be a
predetermined set of credentials based on the credentials used to login to
my site; one for read only or one for admin priveledges.

I am using windows authentication on my web site, and the other site is
using session authentication using Java and Cold Fusion. The sites are on
different networks at 2 separate companies.

I figure what I can do is pass credentials to one of their web pages that
creates a session for the browser, and authorizes this session as READ ONLY
or Admin and then will redirect to the appropriate place on their site.

Does this sound good or do I need to do something else?

If I use this approach, what are my options to pass these credentials?

thanks!

Reply to this Message

David Coe, MCAD - 24 Jun 2004 19:36 GMT

You could pass your credentials via the query string (not necessarily a good idea), or call a web service at the other site. The web service would be responsible for authentication and authorization, setting the session information, etc.

> I have a partner company that has a web site that I need to gain access
> through the web site in my company. I need to be able to log into my site
[quoted text clipped - 18 lines]
>
> thanks!

Reply to this Message

Joe Kaplan \(MVP - ADSI\) - 25 Jun 2004 05:49 GMT

What sort of authentication mechanism does the other site provide? Does it
have a login screen or does it pop up a dialog in the brower?

If it has a login screen, then in order to create an authenticated session
with them, you are going to have to write some code (probably with
HttpWebRequest) to do a form post to their login page. If they use a
dialog, then you can probably authenticate with them using the appropriate
header values (depending on how they authenticate).

Joe K.

> I have a partner company that has a web site that I need to gain access
> through the web site in my company. I need to be able to log into my site
[quoted text clipped - 18 lines]
>
> thanks!

Reply to this Message

[MSFT] - 28 Jun 2004 09:20 GMT

Hello,

I think David's suggestion should be a good idea. Is it possible in your
solution?

Luke

Reply to this Message

TS - 28 Jun 2004 20:42 GMT

I can't do the webservice because the other site won't be able to do that. I
can of course do the query string thing, but I don't want the credentials to
be messed with.

It seems like the easiest thing would be to use the httpwebrequest as joe
pointed out, otherwise I would have to encrypt the data in q string and the
other site would have to decrypt it, et. I'm looking to have the other site
have to do as little as possible.

> Hello,
>
> I think David's suggestion should be a good idea. Is it possible in your
> solution?
>
> Luke

Reply to this Message

[MSFT] - 29 Jun 2004 07:32 GMT

HttpWebRequest should be a proper solution for the issue. Here is article
you may refer:

Using Internet Request and Response Classes
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
l/cpconusinginternetrequestresponseclasses.asp

Luke

Reply to this Message

TS - 29 Jun 2004 15:21 GMT

thanks

> HttpWebRequest should be a proper solution for the issue. Here is article
> you may refer:
>
> Using Internet Request and Response Classes

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm

> l/cpconusinginternetrequestresponseclasses.asp
>
> Luke

Reply to this Message

Pass credentials from one web site to another for seamless login

Free Magazines