J
Joey Bravo
Hi,
i want to build a .NET web service which allows web applications running on
different environments, some non microsoft, to authenticate agains an
existing database of users.
I would like to use as much as is available in the .net framework as
possible.
i've been thinking of using custom membership and role providers that
connects to the webservice which in turn looks up users and roles in the
database.
However i'm not sure what to do in the web apps runnig on apache in php/jsp.
i was thinking of creating some sort of ticketing system, i.e. make them
request a ticket from the webservice, which will log it in a database and
store it in a cookie, then have them send credentials (web service runs in
https) and if validated it continues to pass the ticket for following
requests until the web service determines when it expires. But i'm not sure
how safe is this, and don't know exactly what to put in the ticket and how
to protect it/determine if it was hijacked..
any ideas?
i want to build a .NET web service which allows web applications running on
different environments, some non microsoft, to authenticate agains an
existing database of users.
I would like to use as much as is available in the .net framework as
possible.
i've been thinking of using custom membership and role providers that
connects to the webservice which in turn looks up users and roles in the
database.
However i'm not sure what to do in the web apps runnig on apache in php/jsp.
i was thinking of creating some sort of ticketing system, i.e. make them
request a ticket from the webservice, which will log it in a database and
store it in a cookie, then have them send credentials (web service runs in
https) and if validated it continues to pass the ticket for following
requests until the web service determines when it expires. But i'm not sure
how safe is this, and don't know exactly what to put in the ticket and how
to protect it/determine if it was hijacked..
any ideas?