Wrox Programmer Forums
ASP.NET 1.0 and 1.1 Professional For advanced ASP.NET 1.x coders. Beginning-level questions will be redirected to other forums. NOT for "classic" ASP 3 or the newer ASP.NET 2.0 and 3.5

You are currently viewing the ASP.NET 1.0 and 1.1 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old April 10th, 2006, 10:58 PM
Cross-site security problem!

There are two projects, for example, project_A and project_B. The projects are on the same machine; the database may not be placed on the machine. Most of the pages in both project_A and project_B need authentication and authorization. For some reason, I now need to connect through project_A to the pages contained in project_B.
How can the users belonging to project_A be recognized by project_B? How can I make the process safe?

    User_A -------------> User???
----------------- Request ----------------
   Project_A ----------> Project_B
----------------- ----------------

I have made some essential methods.
1. Cookie and Session
Sessions can't work cross-site. Cookies may be used, but there is a requirement regarding the connection character string (URL).
2. Session state
I didn't understand it very clearly. I only knew session state has a special state service for management, and the projects need to work with the database on the same computer.
3. Extended Forms Authentication and SSL
I thought this was quite a good method. Different projects use the same encrypted machineconfig in the file named web.config, and the key will be saved in the register.
Code:
 
<authentication mode="Forms"/>
<machineKey
    validationKey="BC96635A96D0561BA5E7CEECDC29A3166ED0B8EBF756495653B0C6C1389E081A4BDE0FAD53F9933E3AA3044A3C2E13985736D7C18B69DF21AEAB"
    decryptionKey="8A424F4F4EE4D357AED944665C2CBEB47D64E448989628AC"
    validation="SHA1"/>

4. I write a common security module in both projects.

Thank you!

Cheers,
Zhangguoyi

No pains, no gains.
 
Old April 10th, 2006, 11:27 PM

I also want to use ACT to balance the capability and security.

 
Old April 11th, 2006, 02:55 AM

I save user identities in the Session.
From Project_A I use a URL to connect to a special page in Project_B.
The function of this special page is that I decrypt the encrypted user identity and create the very session.
If the session has been created successfully, the page will redirect to the request page.


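One way to build the URL handoff described in the last post, as an added example that is not code from the thread: instead of encryption alone it uses an HMAC-signed token carrying an issue time and a one-time nonce, so Project_B can reject altered, expired or replayed URLs. `HandoffToken` and its members are hypothetical names, the 60-second lifetime is an assumption, both projects are assumed to hold the same secret key, and the code targets a current .NET runtime (`HMACSHA256` and `HashSet<T>` postdate ASP.NET 1.x).

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example; HandoffToken and all its members are hypothetical names.
public static class HandoffToken
{
    static readonly long MaxAgeTicks = TimeSpan.FromSeconds(60).Ticks; // assumed lifetime
    static readonly HashSet<string> Seen = new HashSet<string>();      // used nonces, in memory, never pruned

    // Project_A: returns "payload.mac" to append to the redirect URL.
    public static string Issue(string user, byte[] key, DateTime utcNow)
    {
        byte[] body = Encoding.UTF8.GetBytes(utcNow.Ticks + "|" + Guid.NewGuid().ToString("N") + "|" + user);
        return Enc(body) + "." + Enc(Mac(body, key));
    }

    // Project_B: returns the user name, or null if the token is forged, expired or reused.
    public static string Validate(string token, byte[] key, DateTime utcNow)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return null;
        byte[] body, mac;
        try { body = Dec(parts[0]); mac = Dec(parts[1]); }
        catch (FormatException) { return null; }
        if (!SameBytes(mac, Mac(body, key))) return null;          // verify the MAC before parsing
        string[] f = Encoding.UTF8.GetString(body).Split(new char[] { '|' }, 3);
        long issued;
        if (f.Length != 3 || !long.TryParse(f[0], out issued)) return null;
        long age = utcNow.Ticks - issued;
        if (age < 0 || age > MaxAgeTicks) return null;             // expired or issued in the future
        lock (Seen) { if (!Seen.Add(f[1])) return null; }          // nonce already used: replay
        return f[2];
    }

    static byte[] Mac(byte[] data, byte[] key)
    {
        using (HMACSHA256 h = new HMACSHA256(key)) return h.ComputeHash(data);
    }
    static bool SameBytes(byte[] a, byte[] b) // comparison time does not depend on content
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    static string Enc(byte[] b) { return Convert.ToBase64String(b).Replace('+', '-').Replace('/', '_'); }
    static byte[] Dec(string s) { return Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/')); }
}
```

Project_A appends the value returned by `Issue` to the URL of the special page over SSL, and Project_B creates its session only when `Validate` returns a non-null name.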




