Re: Safest way to pass data between web apps?

From: Paul Glavich [MVP ASP.NET] (glav_at_aspalliane.com-NOSPAM)
Date: 03/14/05


Date: Mon, 14 Mar 2005 16:50:59 +1100

Or simply a generated/custom session ID.

The less user-specific info you can pass the better IMHO. A user ID is easy
to spoof. A GUID-like session ID is much harder (in terms of relating it to
a set of information as it's just an arbitrary ID/number).

From your last email, it sounded like you had a common database. Anyways,
the most secure is using a certificate based approach I think. Use an
asymmetric algorithm and the public key to encrypt the data, stuff it into a
form which you post to the receiving application, the receiving application
can decrypt with the private key after extracting the encrypted values from
the form.

-- 
- Paul Glavich
ASP.NET MVP
ASPInsider (www.aspinsiders.com)
"gaidar" <gaidar@vbstreets.ru> wrote in message
news:OWYWgyAKFHA.572@tk2msftngp13.phx.gbl...
> Hi, Paul,
>
> Yeah, but if there is a way to use one database. Anyway you should pass
> user id between two web-applications.
>
> Gaidar
>
> "Paul Glavich [MVP ASP.NET]" <glav@aspalliane.com-NOSPAM> wrote in message
> news:eEN4CT7JFHA.3992@TK2MSFTNGP15.phx.gbl...
> > I don't think the DB is overkill at all. In fact, I think it is probably
> > the most efficient, and safest method to do so. It's faster than
> > reposting the data across to the other app and the "receiving" app can
> > extract only the information it requires as needed, as opposed to having
> > to send all the information, just in case the app requires it.
> >
> > -- 
> >
> > - Paul Glavich
> > ASP.NET MVP
> > ASPInsider (www.aspinsiders.com)
> >
> >
> > "J. Shane Kunkle" <shane@caudillweb.com> wrote in message
> > news:%23Cbt7nmJFHA.2704@tk2msftngp13.phx.gbl...
> >> I have an asp.net application that uses windows authentication. We need
> >> to loosely integrate another web application (written in cold fusion -
> >> hosted on another server) with my app (Loosely = provide a link to their
> >> app and they will link to ours). Both systems use the same user
> >> information so once they are authenticated by my app we would like to
> >> pass their information to the other app to avoid making users log in two
> >> (or more) times.
> >>
> >> Obviously these parameters rule out a few things (session, cache, etc) -
> >> we do share a database but this seems like overkill to me. As far as I
> >> know server.transfer only works between web forms. My last resort is to
> >> use the query string with encrypted data - but I'm trying to avoid this
> >> for obvious reasons.
> >>
> >> Any advice or direction is appreciated! Thanks in advance,
> >> J. Shane Kunkle
> >> jkunkle@vt.edu
> >>
> >>
> >
> >
>
>

