|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Cross Site authentication ?What is the best way to set-up cross site authentication ? Ideally we would
like users who have authenticated into a secure section of one (local) site to be able to click on a link and somehow pass the authentication credentials to another (remote, not on same domain) site without prompting the users to enter another ID & password. Also, we would like any authentication that is used or passed to not be visable on the page they are leaving by using the View/Source option or in the URL. TIA ... Hi,
Is the other server under your administrative control? Is it part of e.g. same Active Directory? -- Show quoteHide quoteMike Microsoft MVP - Windows Security "E-Double" <EDou***@discussions.microsoft.com> wrote in message news:C4F6B988-42DD-402D-8A68-EADD9F1F2868@microsoft.com... > What is the best way to set-up cross site authentication ? Ideally we > would > like users who have authenticated into a secure section of one (local) > site > to be able to click on a link and somehow pass the authentication > credentials > to another (remote, not on same domain) site without prompting the users > to > enter another ID & password. Also, we would like any authentication that > is > used or passed to not be visable on the page they are leaving by using the > View/Source option or in the URL. TIA ... not part of the same AD, they just supplied us with the user ID and password
to use ... e. Show quoteHide quote "Miha Pihler [MVP]" wrote: > Hi, > > Is the other server under your administrative control? Is it part of e.g. > same Active Directory? > > -- > Mike > Microsoft MVP - Windows Security > > "E-Double" <EDou***@discussions.microsoft.com> wrote in message > news:C4F6B988-42DD-402D-8A68-EADD9F1F2868@microsoft.com... > > What is the best way to set-up cross site authentication ? Ideally we > > would > > like users who have authenticated into a secure section of one (local) > > site > > to be able to click on a link and somehow pass the authentication > > credentials > > to another (remote, not on same domain) site without prompting the users > > to > > enter another ID & password. Also, we would like any authentication that > > is > > used or passed to not be visable on the page they are leaving by using the > > View/Source option or in the URL. TIA ... > > > Hi,
In this case I don't see any (easy) way to accomplish what you want -- specially since your users enter username and password that is different from the other site. You might be able to do something _together_ with the owners of the site (e.g. use cookies for authentication or filter access to the site by your IP address instead of using usernames and passwords...)... -- Show quoteHide quoteMike Microsoft MVP - Windows Security "E-Double" <EDou***@discussions.microsoft.com> wrote in message news:31182EA6-2ABF-4496-9F0A-161B49194966@microsoft.com... > not part of the same AD, they just supplied us with the user ID and > password > to use ... > > e. > > > > > "Miha Pihler [MVP]" wrote: > >> Hi, >> >> Is the other server under your administrative control? Is it part of e.g. >> same Active Directory? >> >> -- >> Mike >> Microsoft MVP - Windows Security >> >> "E-Double" <EDou***@discussions.microsoft.com> wrote in message >> news:C4F6B988-42DD-402D-8A68-EADD9F1F2868@microsoft.com... >> > What is the best way to set-up cross site authentication ? Ideally we >> > would >> > like users who have authenticated into a secure section of one (local) >> > site >> > to be able to click on a link and somehow pass the authentication >> > credentials >> > to another (remote, not on same domain) site without prompting the >> > users >> > to >> > enter another ID & password. Also, we would like any authentication >> > that >> > is >> > used or passed to not be visable on the page they are leaving by using >> > the >> > View/Source option or in the URL. TIA ... >> >> >> Cool, thanks for the reply. We will probably try the cookies option first.
e. Show quoteHide quote "Miha Pihler [MVP]" wrote: > Hi, > > In this case I don't see any (easy) way to accomplish what you want -- > specially since your users enter username and password that is different > from the other site. > > You might be able to do something _together_ with the owners of the site > (e.g. use cookies for authentication or filter access to the site by your IP > address instead of using usernames and passwords...)... > > -- > Mike > Microsoft MVP - Windows Security > > "E-Double" <EDou***@discussions.microsoft.com> wrote in message > news:31182EA6-2ABF-4496-9F0A-161B49194966@microsoft.com... > > not part of the same AD, they just supplied us with the user ID and > > password > > to use ... > > > > e. > > > > > > > > > > "Miha Pihler [MVP]" wrote: > > > >> Hi, > >> > >> Is the other server under your administrative control? Is it part of e.g. > >> same Active Directory? > >> > >> -- > >> Mike > >> Microsoft MVP - Windows Security > >> > >> "E-Double" <EDou***@discussions.microsoft.com> wrote in message > >> news:C4F6B988-42DD-402D-8A68-EADD9F1F2868@microsoft.com... > >> > What is the best way to set-up cross site authentication ? Ideally we > >> > would > >> > like users who have authenticated into a secure section of one (local) > >> > site > >> > to be able to click on a link and somehow pass the authentication > >> > credentials > >> > to another (remote, not on same domain) site without prompting the > >> > users > >> > to > >> > enter another ID & password. Also, we would like any authentication > >> > that > >> > is > >> > used or passed to not be visable on the page they are leaving by using > >> > the > >> > View/Source option or in the URL. TIA ... > >> > >> > >> > > > |
|||||||||||||||||||||||
Other interesting topics