Last post Apr 25, 2017 02:51 AM by kaushalparik27
Apr 24, 2017 01:40 PM|D2012|LINK
I have created an ASP.net application (my app), which will be called by another third part application (calling app) hosted on the same server. The user go thru a login on the calling app. I want my app to be only used by the users who are coming from the
calling app. How do I make sure no one else but the calling app users can use my app?
Apr 24, 2017 04:52 PM|kaushalparik27|LINK
Single Sign On in ASP.NET is what you should be looking for. Single sign-on (SSO)is a session/user authentication process that permits a user to enter one name
and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications
Apr 24, 2017 05:11 PM|D2012|LINK
Wouldn't that require change on both the applications? I cannot modify the calling application. How do I implement it only on my app?
Apr 24, 2017 05:26 PM|kaushalparik27|LINK
There are alternatives, but I believe you will require to do some modification on both side of application.
One alternative; for example, is to use (x509) certificate to pass on each request from calling app along with request and on the destination side, check if the same certificate exists in coming request. Idea is, both application are using same certificate,
ultimately resulting in a fact that both applications are on same Server and both are accessing it from same certificate store.
Apr 24, 2017 09:44 PM|D2012|LINK
I tried using Request.UrlReferrer.ToString() to check the calling app url, but it is coming null. why is that? How can I check the referring URL?
Apr 25, 2017 02:51 AM|kaushalparik27|LINK
but it is coming null. why is that?
"When visiting a webpage, the referrer or referring page is the URL of the previous webpage from which a link was followed." for more information you can go to
http://en.wikipedia.org/wiki/HTTP_referer It can be null if you someone opened a browser and just entered your site address (without pressing a link to get there)
This is exactly what is happening when you try to redirect from one application to another, because that another application is getting opened for the first time.
If you are looking for some easier way, then you may pass and use token based authentication between the system. In any alternatives, you still have to think about modifying both applications a bit to make it work the way you want.