Re: forms authentication across Domains

From: Colin Picking (cpicking_at_monduran.com.nospam)
Date: 05/30/03 

Date: Fri, 30 May 2003 15:56:51 +1000

We are using forms authentication. Authentication is performed against a
table of User/Password pairs in a SQL Server2000 Database. The central
application is required to allow access to other applications which may not
reside in the same domain. It is considered undesirable to have the user
login again each time he accesses a new application. the solution I have
arrived at is to send the authentication ticket contents to the SQL server
and have the new application extract it and recreate the ticket (now
accessible with in the new domain). This seems to work fine

"Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
news:ucmEvcaJDHA.2764@tk2msftngp13.phx.gbl...
> You are using forms authentication, right ? So, how are you authenticating
> users ? Database, custom AD query,..... Forms authentication is used when
> you are not relying on windows to do the authentication, but you are
> creating you own authentication mechanism.
>
> Regards
>
> Matjaz Ladava
>
> "Colin Picking" <cpicking@monduran.com.nospam> wrote in message
> news:esOgWDZJDHA.1216@TK2MSFTNGP11.phx.gbl...
> > I am trying to develop a centralised application that performs
> > authentication for several other child applications which may be located
> on
> > different domains. The idea is to have the centralised application
create
> an
> > authentication ticket and then have that authentication ticket used by
> each
> > child application. The problem, of course, is that a cookie created by a
> > server in one domain is not accessible to a server in a different
domain.
> >
> > Has anyone encountered this problem before and if so what are some
> possible
> > solutions?
> >
> >
>
>

Relevant Pages

  • RE: Confusion on standard security methodologies.
    ... Application will talk to a back-end SQL ... By "back-end," I assume you mean on a different box from IIS? ... If SQL is on a separate box, you won't be able to use NT authentication ... impersonations (meaning that once passed to the IIS server, ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS6 Authentication Problem with SQL Server 2000
    ... They're not accessing SQL directly right? ... > a) if you are using a Windows 2000 Domain, ... > backend SQL Server. ... You need to use Kerberos authentication for this (not ...
    (microsoft.public.inetserver.iis.security)
  • Re: Security Update for SQL Server 2000 Service Pack 4 (KB948110)
    ... log into SQL Server. ... Authentication) The other is SQL Authentication where, ... the 948110 hotfix will not work on a database server ...
    (microsoft.public.windowsupdate)
  • Re: iis problems with some xp clients - kerberos issue?
    ... is the browser even attempting Kerberos Authentication? ... the webserver failing to get a service ticket for the SQL Server etc. ... Check that the site is in IE's Intranet zone (IE doesn't attempt to Kerberos ... Both access SQL ...
    (microsoft.public.inetserver.iis.security)
  • Re: Cached Logon
    ... It appears that the IIS and the SQL are installed on one machine? ... the scenes" windows authentication information? ... The folder on IIS holds all 3 .asp files. ... On the server I was logged in as domain1\administrator. ...
    (microsoft.public.sqlserver.connect)