I have done some research on this, and haven't found a clear answer.

What is the best method to pass authentication from a .NET web app to a different server that contains a PHP application.

I have some ideas regarding using the cookie (although I haven't explored this too deeply), but deep down it feels like a hack, and I don't even know if it would be possibly to decipher this cookie data. And I can't quite wrap my head around how this would expire.

Any thoughts? has anyone run into this before?

Thanks

What are the opinions on the best way to accomplish this?

Would a SOAP Webservice be the best approach?

PHP app is hosted on a Linux box. Everything else is on Windows.

Hi amandalynn

I'd liked to share some ideas and put them to the test.

Step 1: User go to a .NET web site, Sign in.

Step 2: Get the SessionID (For example: sessionid=ffj12d455p0ujr45vdqwhh45) and store in DB (For example,DataBaseName=SQLDB)

Step 3: Redirect to a PHP web site by link http://phpsite/default.jsp?sessionid=ffj12d455p0ujr45vdqwhh45

Step 4: Get sessionid in PHP web site, verify the sessionid in your SQLDB,

Step 5: If user is offline, please remove the sessionid from SQLDB.

If you wish, find the article about how to Share Session State on MSDN Library

Following the link below, Hope it helps

http://msdn2.microsoft.com/en-us/library/aa479313.aspx

Hi XiaoYong Dai, I have been doing a lot of research on this model and it seems the best one that I have seen so far. I am going to implement this model here on my site. I am wondering what security issues that I should consider when using this method.

Thanks in advance...