Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Sep 09, 2011 06:45 AM by Catherine Shan - MSFT
Sep 02, 2011 03:21 PM|LINK
Two websites. One is a private side using windows integrated security and the other is a public side using forms authentication. Private side is basically for admins. I want to send a user from the private side to the public side. I was thinking of encyrpting
the ad user name on the private side, then passing it as a query string to the public side. Then decrypt the query string and check the database to see if it is a valid user, if so create their forms ticket and they would be logged in.
I was thinking about setting a date/time field in the databse when the user tries to get transfered then checking it on the private side and if it is over a minute don't allow the transfer. This would prevent someone spamming query strings to my private
side page which is going to handle the transfer. Is this even needed?
I am using RijndaelManaged encryption.
Sep 09, 2011 06:45 AM|LINK
As far as I know, it sounds OK. Please try to use it. In addition, I would suggest you to check the links below for more information about Windows Authentication and Forms Authentication.
Hope these will help you.