 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
| HomeDiscussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers |
Webmaster Forum / ASP / Database Access / February 2007How would you face this problem?
Hi, I have an online application (written in .asp) that requires a login to be accessed and used. I have a login.asp page that asks for username and password, looks up in a MS SQL db if a combination of those username/password is available and, if so, sets a session variable and goes to home.asp (this page checks if the session variable has been set, and if not, redirects to login.asp). That's the usual method in .asp to make password-protected pages. This way, the SQL database contains all usernames and passwords. Now I have a company that wants to use my application (hosted on my server) but does not want their users to make a double login, I mean one login to their network and one login to my application. They want a way so that my application recognizes their users and logins automatically; in a few words, their users should be allowed to go directly to home.asp without first stepping to login.asp. They are using a Windows network, so I looked into using Active Directory (LDAP) integration in .asp pages but: 1) Can you tell me a source where I can find simple integration information? I found a lot of information, but nothing is very simple 2) Since my application is hosted on my server (on-line and outside their network), I don't think I'll be able to use AD integration, because I think they should be in the same domain So, my final question is: how would you approach such a problem? Googling on the net I also found this page http://www.google.com/a/help/intl/en/admins/editions.html where Google offers a single sign-on to their application via API. I think they don't use AD integration, but they achieve exactly what I need (a single sign-on). So, how can Google do such a thing? What approach are they using? I can develop a login API for my application too. Thank you. > Hi, > [quoted text clipped - 13 lines] > their users should be allowed to go directly to home.asp without first > stepping to login.asp. [snip] Can't you just test the domain or IP address of the visitor? > > Hi, > > [quoted text clipped - 21 lines] > > Can't you just test the domain or IP address of the visitor? Or have them log on once and set a cookie? >> Can't you just test the domain or IP address of the visitor? No, I need to know who the visitor is (First Name, Last Name, etc.). When employees arrive at work, they need to login to their netword (via Active Directory). The company wants they can use our application without the need to login again. When they use our application, we need to know who they are (First Name, Last Name, etc.) > Or have them log on once and set a cookie? We need them to login once, but where we set the cookie? They login once to their network, not to our webpage. Thanks. > >> Can't you just test the domain or IP address of the visitor? > [quoted text clipped - 8 lines] > We need them to login once, but where we set the cookie? They login once to > their network, not to our webpage. Have them login once to your Web page then save their information to a cookie and have subsequent accesses check for the cookie to bypass logins. "McKirahan" <News@McKirahan.com> ha scritto nel messaggio > Have them login once to your Web page then save their information to a > cookie and have subsequent accesses check for the cookie to bypass logins. They don't want to login to our webpage, that's what they want to avoid. I know there are some sites that behave this way (e.g. Google, MS Passport, etc.) > Now I have a company that wants to use my application (hosted on my server) > but does not want their users to make a double login, I mean one login to > their network and one login to my application. They want a way so that my > application recognizes their users and logins automatically; in a few words, > their users should be allowed to go directly to home.asp without first > stepping to login.asp. There is no way that your server is going to be "aware" of their usernames from their AD Domain.  SignaturePhillip Windell [MCP, MVP, CCNA] www.wandtv.com The views expressed (as annoying as they are, and as stupid as they sound), are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- > There is no way that your server is going to be "aware" of their usernames > from their AD Domain. That's what Google does (see my link). How they can do it? > That's what Google does (see my link). How they can do it? Also MS Passport does it... >> That's what Google does (see my link). How they can do it? > > Also MS Passport does it... It works by cookies, not by Domain login. MS Passport does not have any idea what goes on in my Domain,...it does not query my domain controller to authenticate users,...it is not even capable of reaching my domain controller. SignaturePhillip Windell [MCP, MVP, CCNA] www.wandtv.com The views expressed (as annoying as they are, and as stupid as they sound), are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- > It works by cookies, not by Domain login. Yes, it does not work with Domain login, but it does not work with cookies too. Two different websites cannot exchange cookies. When I login into Passport, all websites that work with Passport technology can know my details. So, there should be a method to pass this information from Passport to each website, not via cookies or sessions. With Passport, you have to login at least once at the passport protected site, and then your login is saved in a cookie. Even then, if you go to a different passport protected site than the one you were previously logged into, you usually have to log in again. Bob Lehmann > > It works by cookies, not by Domain login. > [quoted text clipped - 3 lines] > details. So, there should be a method to pass this information from Passport > to each website, not via cookies or sessions. > With Passport, you have to login at least once at the passport protected > site, and then your login is saved in a cookie. Even then, if you go to a > different passport protected site than the one you were previously logged > into, you usually have to log in again. I went to a site and tried to login: it sent me to Passport's website where I logged in and then was redirected back to the original website. As far as I know, I cannot create a cookie (on Passport's website) that can be "seen" by other websites (original website). What they call "single sign on" can mean anything. I don't know what Google is doing. SignaturePhillip Windell [MCP, MVP, CCNA] www.wandtv.com The views expressed (as annoying as they are, and as stupid as they sound), are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- >> There is no way that your server is going to be "aware" of their usernames >> from their AD Domain. > > That's what Google does (see my link). How they can do it? |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.