sharing authentication/authorization between ASP.NET and Classic ASP pages?

sharing authentication/authorization between ASP.NET and Classic ASP pages?

Post by kenfin » Fri, 20 May 2005 11:53:09


I'm looking for articles, books, code, or just generally good approaches for
how to deal with the problem of password-protecting pages in a website that
consists of both ASP and ASP.NET pages.

This isn't being built for a bank, and the method does not have to be
super-uber-ultra-secure. It does need to fend off the average persistent
hacker.

Can someone please point the way? Thanks very much.

-KF
 
 
 

sharing authentication/authorization between ASP.NET and Classic ASP pages?

Post by Kevin Spen » Fri, 20 May 2005 20:22:19

Hi KF,

ASP and ASP.Net are both ISAPIs (Internet Server Application Programming
Interface), which means that they run as separate applications, or
processes, on the web server machine. As they are separate rocesses, they
cannot share memory. Therefore, the only way that they can "share data" or
communicate with one another, is via Messaging of some sort or another. So,
your answer lies in that realm. How does any client communicate with an ASP
or ASP.Net application? Via HTTP, by sending a Request. Now, there are some
other ways, depending on the relative locations of the applications, such as
MSMQ (Message Queuing, or Messaging), but they are generally more trouble
than you will need to go to.

Now, as you want to protect the security of your users, you will probably
want to at least hide information from the users by using POST requests
rather than GET requests, and you can also incorporate some level of
encryption via HTTPS (VERY secure), or your own hand-rolled encryption
solution.

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
Sometimes you eat the elephant.
Sometimes the elephant eats you.