validating from one server to the other

hargi · 6 Oct 2006 at 15:07

dunno if this is posible,
we have a site that is hosted on one server, its a VLE this is password protected access
we want to link from this to another server, but only allow access to this second server if it has come from the first server if that makes sence.
were using windows 2000 server if that makes any difference

hargi · 9 Oct 2006 at 15:11

anyone?

riddlermarc · 9 Oct 2006 at 15:17

Is the following any help?

http://support.microsoft.com/kb/324066/EN-US/

Mr^B · 9 Oct 2006 at 15:23

Some sort of web service on the first server checking for a valid user seems to be the way to go.

Authenticate on the first server.
Store a hashed username and session ID on the first server (in a db somewhere probably).
Redirect to the second server with the hashed username and session ID into the querystring.
On the second server, check via a webservice call to the first server whether the username and session ID are valid.
If they are valid, authorise them on the second server.
Remove the username/sessionid from the first server (so you can't re-auth using the same link twice).

Something along those lines anyway.

It all depends how secure you want it as to how far you go with the hashing/encrypting - you could easily use pgp instead of a hash, etc.

Mr^B · 9 Oct 2006 at 15:25

You could always do something different and check the referrer address in an httpModule or something on the second sever - but that's pretty easy to fake if a nasty hacker tries to attack you.

Again it depends on just how secure you want it.