Can I tell if a user came thru a secure site?

My web app is not on a secure server. However, before getting to my app, a user is supposed to logon thru a secure server. Is there any way to tell that the user has been approved and is coming from the secure site rather than just typing the url in their browser?

Is there any way to pass info from the secure server to my server? Something that I could check & verify, but a user would not be able to see?

Also, can just a directory on a server be made secure?

Thanks for any help

what's secure??
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi
If you mean 'has the user come from a site using SSL', then you can look at a server variable (HTTP_REFERER) to see which site they have come from.

http://www.lib.washington.edu/asp/browser/servar.asp

I'm not sure if this could be relied on for security purposes.

Hope this helps

Chris Seary
http://blog.searyblog.com/

"oldbear" <oldb***@discussions.microsoft.com> wrote in message news:6AD14437-B5CF-480B-9E8F-25A428EF3441@microsoft.com...
> Hi
>
> If you mean 'has the user come from a site using SSL', then you can look at
> a server variable (HTTP_REFERER) to see which site they have come from.
>
> http://www.lib.washington.edu/asp/browser/servar.asp
>
> I'm not sure if this could be relied on for security purposes.

Absolutely not. The referrer header is client-provided data and, as such, is trivial to spoof. In addition, some users may wish to prevent their browsers from sending referrer data due to privacy concerns, so one can't generally count on the header being accurately populated even by non-malicious clients.

I am new to this so may not be using terminology correctly. Basically a user
is supposed to get in via a "secure" site where he logs in & is verified. If OK he is then sent to my program which is not on a secure site. He gets the "leaving secure site" message. However, if users know the url to my program they can get in directly without being verified.

I want to know if there is any way I can tell if the user got to my program via the secure site where his userid & logon were verified. Can the logon program pass some hidden flag? Are there any system type variables, to tell me where he is coming from, for example the log in site or directly via a url? I've looked at request.systemvariables, but they seem to do with with

The program is written with vb.net & asp.net
Thanks for any help you can give.

so - the login app and your app are on different machines?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Not sure how all this fits in or even if I am using secure or site properly.
None of this is for the public. It is for an organization that only wants their members to have access, although remotely over the Internet.

The site, where the user logs in, is an https site, for example (https://mt1234.xconnection.com/signin/xxx.htm). This sends a logon screen, & it verifies id & password. If OK it transfers to a menu. If my web programs option is selected from the menu, it then transfers to my directory and program via, for example, http://mt4568.xconnection.com/mydirectory/.default.aspx?variousparameters.

I have been told that my site used to be on a different machine and different domain name, but is now on the same machine, but a different site.

Only after changing it to this new setup did the problems start. Before if my program's http address was put directly into a url, it would get sent to the login site. Good. We want this. Everyone happy. Now since it has been changed, typing in my program's http url directly, gets directly in, no login required. Not good.

Not getting much help from the server/set up people. They think I should control this in my program. Happy to do so but how?

The program, which I inherited, has Windows Authentication in the Web.config. Can I use Forms authentication across "sites" like this has? Can I tell if is coming from outside and not going thru the normal route of password verification?
Should I be able to do this in my program? Can or should the server itself be set up with some permissions or denials?

I have been reading, reading, about security, authentication, authorization, BUT NOT GETTING TO AN UNDERSTANDING. This is my first time with this & WOW.

Thanks for any help anyone can give.

There really is not enough information in this to assist you. There are
many ways credentials can be passed / handled within ASP.NET and IIS, so without any knowledge of your previous setup, I can only assume that if things were working fine and a move to a different server broke things, most likely IIS was configured to handle authentication. If that is not the case, unfortunately some implementation detail has broken due to the move, and that will take detailed knowledge of that implementation in order to rectify it.

If you are able to narrow the issue down some please do.

Regards

John Parrish

Hi
I'm not sure if you're trying to plug into an authentication architecture that already exists, or whether you're setting up both sites yourself.

If you're starting from scratch, then you could look at using the WS-Federation specification:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/html/passive-client-profile.asp

This is used by sites such as the UK Government Gateway. The Signed Security Token is often Security Assertion Markup Language (SAML):

http://www.gotdotnet.com/codegallery/codegallery.aspx?id=8da852b9-2c0d-4eb7-a2de-77222a4075f6

If you're not starting from scratch, then you can disregard this.

Cheers

Chris Seary
http://blog.searyblog.com/

if you mean you want to know if the user came in via an SSL page then...
http://www.quepublishing.com/articles/article.asp?p=28493&seqNum=4

Request.ServerVariables("SERVER_PORT_SECURE") will return 1 for secure and 0 for not secure port.

which I can easily set myself....
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
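
The thread asks for something the login site can pass that the application can check and verify, and the replies point out that HTTP_REFERER is supplied by the client. The following is an added example, not code from any poster in the thread: a plain HMAC-signed, expiring token (a much simpler stand-in for the signed security token that WS-Federation uses) that the login site issues after the password check and the application validates before serving a page. `HandoffToken`, `Issue`, `Validate`, the token layout and the shared key are assumptions made for this illustration.

```vbnet
Imports System
Imports System.Globalization
Imports System.Security.Cryptography
Imports System.Text

' Added example. All names here are hypothetical; "key" is assumed to be a
' random secret configured on both the login site and the application.
Public Module HandoffToken

    ' Login site: call after the password check succeeds.
    Public Function Issue(user As String, expiresUtc As DateTime, key As Byte()) As String
        Dim payload As String = user & "|" & expiresUtc.Ticks.ToString(CultureInfo.InvariantCulture)
        Dim body As String = Convert.ToBase64String(Encoding.UTF8.GetBytes(payload))
        Return body & "." & Convert.ToBase64String(Sign(body, key))
    End Function

    ' Application: returns the verified user name, or Nothing when the token
    ' is missing, malformed, altered, forged or expired.
    Public Function Validate(token As String, nowUtc As DateTime, key As Byte()) As String
        If String.IsNullOrEmpty(token) Then Return Nothing
        Dim parts As String() = token.Split("."c)
        If parts.Length <> 2 Then Return Nothing
        Try
            Dim mac As Byte() = Convert.FromBase64String(parts(1))
            If Not FixedTimeEquals(mac, Sign(parts(0), key)) Then Return Nothing
            ' The payload is parsed only after its signature has been verified.
            Dim payload As String = Encoding.UTF8.GetString(Convert.FromBase64String(parts(0)))
            Dim sep As Integer = payload.LastIndexOf("|"c)
            If sep < 0 Then Return Nothing
            Dim ticks As Long = Long.Parse(payload.Substring(sep + 1), CultureInfo.InvariantCulture)
            If nowUtc.Ticks > ticks Then Return Nothing
            Return payload.Substring(0, sep)
        Catch ex As FormatException
            Return Nothing
        End Try
    End Function

    Private Function Sign(body As String, key As Byte()) As Byte()
        Using h As New HMACSHA256(key)
            Return h.ComputeHash(Encoding.UTF8.GetBytes(body))
        End Using
    End Function

    ' Compare every byte so the time taken does not reveal where a forged MAC differs.
    Private Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function
End Module
```

URL-encode the token before placing it in the redirect query string, and keep its lifetime short: the application in this thread is served over plain http, so a token observed on the wire can be replayed until it expires.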