Re: Can I pass ASP Basic Auth Credentials to an APS.NET Forms Authentication site?

From: Yan-Hong Huang[MSFT] (yhhuang_at_online.microsoft.com)
Date: 01/27/04 

Date: Tue, 27 Jan 2004 01:38:32 GMT

Hello Douglas,

Thanks very much for the quick update.

If the Site A and N's DNS name is different, for an example, www.sitea.com
and www.siten.com, the cookie can't work, because the cookie is based on
DNS name. If the name of DNS is different, the cookie will look on them as
different web sites and they won't share the cookies.

Another way is to transfer username and password in QueryString, such as
www.siten.com\login.aspx?username=****&password=****. Then in Page_Load of
login.aspx, we can use NameValueCollection coll=Request.QueryString to get
the username and password. Surely we can use some algorithm to secure the
username and password when putting it in QueryString.

If there is anything unclear, please feel free to post here.

By the way, we can send post notify email to you when there is useful reply
in the newsgroup. If you want to receive it in the future, please register
your no spam email alias at
http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp
&SD=msdn.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

Relevant Pages

  • Re: Browser DNS balancing effects
    ... curl's cookie support. ... I notice the DNS entry for the ... It could be that my curl requests are hitting a different server each time, ... So what I wondered is how do browsers handle the case of multiple A records? ...
    (uk.comp.os.linux)
  • Cookies: Multiple Domain Names/Same server
    ... What do you do when your external DNS lists varying DNS names for the same ... I know you can specify a domain for the cookie but how can you ... the same server. ...
    (microsoft.public.dotnet.general)
  • DNS type value "T_INVALID"
    ... Does anyone know what the DNS type value 0 is used for? ... Most DNS resource records of interest are type value 1 (an IP ... typedef enum __ns_type { ... Here type value 0 is a described as a cookie. ...
    (comp.unix.programmer)
  • [UNIX] YaBB Security Vulnerabilities (CSS in Login, Insecure Password Handling)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... attacker to steal user's cookies, hijacking user's accounts, and more. ... stealing the username cookie is easy. ...
    (Securiteam)
  • [NEWS] AudioGalaxy Username and Password Saved in Cleartext
    ... that offers an mp3 sharing program. ... This product stores the username and ... password used by the application in plain text inside a cookie - this ... AudioGalaxy keeping usernames and passwords in clear text in a file on the ...
    (Securiteam)