Two websites. One is a private side using windows integrated security and the other is a public side using forms authentication. Private side is basically for admins. I want to send a user from the private side to the public side. I was thinking of encyrpting
the ad user name on the private side, then passing it as a query string to the public side. Then decrypt the query string and check the database to see if it is a valid user, if so create their forms ticket and they would be logged in.
I was thinking about setting a date/time field in the databse when the user tries to get transfered then checking it on the private side and if it is over a minute don't allow the transfer. This would prevent someone spamming query strings to my private
side page which is going to handle the transfer. Is this even needed?
As far as I know, it sounds OK. Please try to use it. In addition, I would suggest you to check the links below for more information about Windows Authentication and Forms Authentication.
sublime4o
Member
120 Points
128 Posts
Does this sound secure? Two sites, going from Windows Integrated Security to Forms.
Sep 02, 2011 03:21 PM|LINK
Two websites. One is a private side using windows integrated security and the other is a public side using forms authentication. Private side is basically for admins. I want to send a user from the private side to the public side. I was thinking of encyrpting the ad user name on the private side, then passing it as a query string to the public side. Then decrypt the query string and check the database to see if it is a valid user, if so create their forms ticket and they would be logged in.
I was thinking about setting a date/time field in the databse when the user tries to get transfered then checking it on the private side and if it is over a minute don't allow the transfer. This would prevent someone spamming query strings to my private side page which is going to handle the transfer. Is this even needed?
I am using RijndaelManaged encryption.
Catherine Sh...
All-Star
23382 Points
2490 Posts
Microsoft
Re: Does this sound secure? Two sites, going from Windows Integrated Security to Forms.
Sep 09, 2011 06:45 AM|LINK
Hi sublime4o,
As far as I know, it sounds OK. Please try to use it. In addition, I would suggest you to check the links below for more information about Windows Authentication and Forms Authentication.
http://msdn.microsoft.com/en-us/library/907hb5w9.aspx
http://msdn.microsoft.com/en-us/library/7t6b43z4.aspx
Hope these will help you.
Feedback to us
Develop and promote your apps in Windows Store