same server and preserve the session state. I have played with
server.transfer but I get an error saying I can't do this. How can I
accomplish this. I don't think redirects with session state being passed in
the url makes any sense from a security standpoint.
--
Barry
How about a secure form post then to a page in the
other web app, carrying session info and re-establishing
it?
"barryfz" <barry@.noemail.noemail> wrote in message
news:esTUn5IPGHA.3840@.TK2MSFTNGP14.phx.gbl...
> I need to be able to move from one web app on my server to another on the
> same server and preserve the session state. I have played with
> server.transfer but I get an error saying I can't do this. How can I
> accomplish this. I don't think redirects with session state being passed in
> the url makes any sense from a security standpoint.
> --
> Barry
Server.Transfer does not affect the Session state as far as I know. Is
session what you meant? You can set a session var in one form, transfer to
form 2 and the variable will still be there in session.
--
Terry Burns
http://TrainingOn.net
"Raymond" <undsclsed@.nothee.net> wrote in message
news:wu0Nf.31433$pE4.25921@.trnddc04...
> How about a secure form post then to a page in the
> other web app, carrying session info and re-establishing
> it?
Terry,
I need to transfer to a page in a different site. I am getting an error
saying I can't do that in server.transfer. Maybe I am doing something wrong.
Barry
"Terry Burns" <me@.mine.com> wrote in message
news:u6UT8SJPGHA.3888@.TK2MSFTNGP12.phx.gbl...
> Server.Transfer does not affect the Session state as far as I know. Is
> session what you meant? You can set a session var in one form, transfer
> to form 2 and the variable will still be there in session.
> --
> Terry Burns
> http://TrainingOn.net
What you are trying to do is unnatural. The main reason separate
applications exist is so they can maintain separate application state.
That said, there are ways to do it but they are not simple if you're dealing
with very much data. It's a very manual process to pass data between
applications. You can pass data via querystring or a common backend
database, etc.
--
I hope this helps,
Steve C. Orr
MCSD, MVP
http://SteveOrr.net
"barryfz" wrote:
> I need to be able to move from one web app on my server to another on the
> same server and preserve the session state. I have played with
> server.transfer but I get an error saying I can't do this. How can I
> accomplish this. I don't think redirects with session state being passed in
> the url makes any sense from a security standpoint.
> --
> Barry
>
Probably not if the domain is different. There may be
other ways to do it, but the simplest way is to redirect
via a form post and re-establish session using form post
data.
"Terry Burns" <me@.mine.com> wrote in message
news:u6UT8SJPGHA.3888@.TK2MSFTNGP12.phx.gbl...
> Server.Transfer does not affect the Session state as far as I know. Is
> session what you meant? You can set a session var in one form, transfer to
> form 2 and the variable will still be there in session.
Barry,
As Steve and others may have pointed out, Server.Transfer only is designed
to work within the current IIS application.
What you would need to do if you do not want to pass session information on
the querystring or as hidden formfields is to set up a custom database or
other persistent storage mechanism to store and then retrieve by
"customSessionId" the information you need once the redirect lands on the new
site.
Peter
--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com
"barryfz" wrote:
> I need to be able to move from one web app on my server to another on the
> same server and preserve the session state. I have played with
> server.transfer but I get an error saying I can't do this. How can I
> accomplish this. I don't think redirects with session state being passed in
> the url makes any sense from a security standpoint.
> --
> Barry
>
Raymond,
I am not sure what you mean by domain? While these are different apps they
are on the same server, just different sites.
If I pass this as part of a post, don't I then allow someone to hijack the data
being posted and use it to gain access?
Barry
"Raymond" <undsclsed@.nothee.net> wrote in message
news:wO0Nf.31438$pE4.6074@.trnddc04...
> Probably not if the domain is different. There may be
> other ways to do it, but the simplest way is to redirect
> via a form post and re-establish session using form post
> data.
Steve,
I really just need to pass the authentication.
Barry
"Steve C. Orr" <Steve@.Orr.net> wrote in message
news:1E3F794F-B153-4CB8-BF01-B63832F89A4D@.microsoft.com...
> What you are trying to do is unnatural. The main reason separate
> applications exist is so they can maintain separate application state.
> That said, there are ways to do it but they are not simple if you're dealing
> with very much data. It's a very manual process to pass data between
> applications. You can pass data via querystring or a common backend
> database, etc.
> --
> I hope this helps,
> Steve C. Orr
> MCSD, MVP
> http://SteveOrr.net
Sorry, I misread you. This is correct, you cannot use server transfer to a
different site. Applications are isolated from each other and so a session
in one does not relate to a session in another. One way is to preserve the
session variables in an SQL database but you need to serialize them for
storage and de-serialize them on retrieval.
--
Terry Burns
http://TrainingOn.net
"barryfz" <barry@.noemail.noemail> wrote in message
news:OCDTjUJPGHA.3864@.TK2MSFTNGP10.phx.gbl...
> Terry,
> I need to transfer to a page in a different site. I am getting an error
> saying I can't do that in server.transfer. Maybe I am doing something
> wrong.
> Barry
If Authentication is all you need to worry about, then consider using
Windows Integrated Security, this way you won't need a username and password.
This is no use of course if the site is an internet site.
--
Terry Burns
http://TrainingOn.net
"barryfz" <barry@.noemail.noemail> wrote in message
news:utSOE1JPGHA.3460@.TK2MSFTNGP15.phx.gbl...
> Steve,
> I really just need to pass the authentication.
> Barry
You could always pass an encrypted string across.
-Adrian
"barryfz" <barry@.noemail.noemail> wrote in message
news:utSOE1JPGHA.3460@.TK2MSFTNGP15.phx.gbl...
> Steve,
> I really just need to pass the authentication.
> Barry
Default Sessions objects use cookies, which
are associated by URL domains, not server, on the client.
And each site on a server works in a different appdomain, so
the session objects aren't normally visible across those
appdomains even if you somehow figured out the client side
association.
If you pass session state info via a secure form post
then it's very secure. You're going to have to pass some
sort of associating data anyway, either by URL or form post.
There is no escaping that.
"barryfz" <barry@.noemail.noemail> wrote in message
news:%23MYjY0JPGHA.2796@.TK2MSFTNGP10.phx.gbl...
> Raymond,
> I am not sure what you mean by domain? While these are different apps they
> are on the same server, just different sites.
> If I pass this as part of a post, don't I then allow someone to hijack the data
> being posted and use it to gain access?
> Barry
Raymond,
Thanks for the feedback on this. Can you clarify what you mean by a "secure
post"?
Barry
"Raymond" <undsclsed@.nothee.net> wrote in message
news:eS1Nf.16048$fU6.5565@.trnddc08...
> Default Sessions objects use cookies, which
> are associated by URL domains, not server, on the client.
> And each site on a server works in a different appdomain, so
> the session objects aren't normally visible across those
> appdomains even if you somehow figured out the client side
> association.
> If you pass session state info via a secure form post
> then it's very secure. You're going to have to pass some
> sort of associating data anyway, either by URL or form post.
> There is no escaping that.
Form post via https. Passing all the session data that way
is the easiest. If SSL is not available, then consider passing
encrypted values using http form post and then decrypting on the
other end before re-creating the same session.
"barryfz" <barry@.noemail.noemail> wrote in message
news:%238%238Y6KPGHA.3732@.TK2MSFTNGP10.phx.gbl...
> Raymond,
> Thanks for the feedback on this. Can you clarify what you mean by a "secure
> post"?
> Barry
That sounds feasible. What is "customSessionID"?
"Peter Bromberg [C# MVP]" <pbromberg@.yahoo.nospammin.com> wrote in message
news:BD99B17C-175B-4629-8D8A-4D20C75C6075@.microsoft.com...
> Barry,
> As Steve and others may have pointed out, Server.Transfer only is designed
> to work within the current IIS application.
> What you would need to do if you do not want to pass session information
> on
> the querystring or as hidden formfields is to set up a custom database or
> other persistent storage mechanism to store and then retrieve by
> "customSessionId" the information you need once the redirect lands on the
> new
> site.
> Peter
> --
> Co-founder, Eggheadcafe.com developer portal:
> http://www.eggheadcafe.com
> UnBlog:
> http://petesbloggerama.blogspot.com
Hi Barry,
As for Server.Transfer, it can only work within a single ASP.NET
application but not across multiple application or server boundaries. Also,
Session State also cannot be shared between multiple applications. In
ASP.NET 2.0, there are interfaces for us to create a customized
session storage provider (customized session state httpmodule), however
that'll require quite complex work:
#Implementing a Session-State Store Provider
http://msdn2.microsoft.com/en-us/li...)/ms178587.aspx
BTW, if your applications are using ASP.NET forms Authentication and want
to share the forms authentication's authentication ticket (cookie based)
across multiple applications, you can have a look at the following
reference:
#How To Share Authentication Cookies across ASP.NET V1.1 and ASP.NET V2.0
Applications
http://weblogs.asp.net/scottgu/arch.../10/432851.aspx
Regards,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Thanks Raymond,
I can do that, but couldn't someone grab the post and resend it from their
own browser and thus hijack the session?
Barry
"Raymond" <undsclsed@.nothee.net> wrote in message
news:vJ3Nf.31459$pE4.23999@.trnddc04...
> Form post via https. Passing all the session data that way
> is the easiest. If SSL is not available, then consider passing
> encrypted values using http form post and then decrypting on the
> other end before re-creating the same session.
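The replay question above and the "customSessionId" lookup suggested earlier in the thread meet in one design: the browser carries only a random, signed, single-use ticket, and the identity stays in storage both sites can reach. The following C# is an added example, not code from any poster in the thread. Assumptions: the type names `HandoffStore` and `HandoffTickets`, the audience label "dnn-portal", the user name, the 60-second lifetime and the in-memory dictionary standing in for the shared database are all hypothetical, and the code targets current .NET (5 or later) rather than ASP.NET 2.0.

```csharp
#nullable enable
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Stand-in for the shared database both sites can reach (hypothetical type).
public sealed class HandoffStore
{
    private sealed record Row(string User, string Audience, DateTimeOffset Expires);
    private readonly ConcurrentDictionary<string, Row> _rows = new();

    public void Save(string id, string user, string audience, DateTimeOffset expires)
        => _rows[id] = new Row(user, audience, expires);

    // TryRemove is atomic, so only the first redemption sees the row; a
    // captured ticket that is posted again finds nothing to redeem.
    // With a real database this is a DELETE that returns the deleted row.
    public string? Redeem(string id, string audience, DateTimeOffset now)
    {
        if (!_rows.TryRemove(id, out var row)) return null;   // unknown or already used
        if (row.Audience != audience) return null;            // issued for a different site
        if (now > row.Expires) return null;                   // older than its lifetime
        return row.User;
    }
}

public sealed class HandoffTickets
{
    private readonly byte[] _key;            // shared secret configured on both sites
    private readonly HandoffStore _store;

    public HandoffTickets(byte[] key, HandoffStore store) { _key = key; _store = store; }

    private byte[] Mac(string id, string audience)
    {
        using var hmac = new HMACSHA256(_key);
        return hmac.ComputeHash(Encoding.UTF8.GetBytes(id + "|" + audience));
    }

    // Source site: call only after the user has authenticated there.
    // The return value goes into the hidden field of the HTTPS form post.
    public string Issue(string user, string audience, DateTimeOffset now)
    {
        var idBytes = new byte[16];
        RandomNumberGenerator.Fill(idBytes);              // 128-bit unguessable id
        string id = Convert.ToHexString(idBytes);
        _store.Save(id, user, audience, now.AddSeconds(60));
        return id + "." + Convert.ToBase64String(Mac(id, audience));
    }

    // Target site: returns the user name, or null when the ticket is rejected.
    public string? Redeem(string ticket, string audience, DateTimeOffset now)
    {
        int dot = ticket.IndexOf('.');
        if (dot <= 0) return null;
        string id = ticket.Substring(0, dot);

        byte[] given;
        try { given = Convert.FromBase64String(ticket.Substring(dot + 1)); }
        catch (FormatException) { return null; }

        // Forged or altered tickets stop here and never touch the store.
        if (!CryptographicOperations.FixedTimeEquals(given, Mac(id, audience))) return null;
        return _store.Redeem(id, audience, now);
    }
}

public static class Demo
{
    private static string Show(string? user) => user ?? "rejected";

    public static void Main()
    {
        var key = new byte[32];
        RandomNumberGenerator.Fill(key);
        var tickets = new HandoffTickets(key, new HandoffStore());
        var t0 = DateTimeOffset.UtcNow;

        // Constructed sample: user "barry" moving from the shop to the portal.
        string ticket = tickets.Issue("barry", "dnn-portal", t0);
        Console.WriteLine("first post:  " + Show(tickets.Redeem(ticket, "dnn-portal", t0.AddSeconds(5))));
        Console.WriteLine("replay:      " + Show(tickets.Redeem(ticket, "dnn-portal", t0.AddSeconds(6))));

        string fresh = tickets.Issue("barry", "dnn-portal", t0);
        string altered = (fresh[0] == '0' ? '1' : '0') + fresh.Substring(1);
        Console.WriteLine("altered id:  " + Show(tickets.Redeem(altered, "dnn-portal", t0.AddSeconds(5))));
        Console.WriteLine("too late:    " + Show(tickets.Redeem(fresh, "dnn-portal", t0.AddSeconds(120))));
    }
}
```

The ticket still belongs in an HTTPS form post as described in the thread; on a successful redemption the target site issues its own session or authentication cookie and the ticket is never used again.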
Thanks Steven,
I think this is what I am looking for.
Barry
"Steven Cheng[MSFT]" <stcheng@.online.microsoft.com> wrote in message
news:YuKvpPPPGHA.2972@.TK2MSFTNGXA03.phx.gbl...
> Hi Barry,
> As for Server.Transfer, it can only work within a single ASP.NET
> application but not across multiple application or server boundaries. Also,
> Session State also cannot be shared between multiple applications. In
> ASP.NET 2.0, there are interfaces for us to create a customized
> session storage provider (customized session state httpmodule), however
> that'll require quite complex work:
> #Implementing a Session-State Store Provider
> http://msdn2.microsoft.com/en-us/li...)/ms178587.aspx
> BTW, if your applications are using ASP.NET forms Authentication and want
> to share the forms authentication's authentication ticket (cookie based)
> across multiple applications, you can have a look at the following
> reference:
> #How To Share Authentication Cookies across ASP.NET V1.1 and ASP.NET V2.0
> Applications
> http://weblogs.asp.net/scottgu/arch.../10/432851.aspx
> Regards,
> Steven Cheng
> Microsoft Online Support
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>
>
Well, what's to prevent them from doing that now
with the sessions you have going now from the same
site? The transfer as I outlined doesn't add any new
vulnerability. If a hijacking vulnerability already exists
for the sessions on the same site, it'll also exist for the
cross-site transfer.
"barryfz" <barry@.noemail.noemail> wrote in message
news:OaGEwCTPGHA.648@.TK2MSFTNGP14.phx.gbl...
> Thanks Raymond,
> I can do that, but couldn't someone grab the post and resend it from their
> own browser and thus hijack the session?
> Barry
Barry, I would suggest that you re-think the problem if possible, this is
not really a good way to go about it. I realize sometimes this is not
possible for various reasons, but if there is any way around it, you should
think hard about it.
--
Terry Burns
http://TrainingOn.net
"barryfz" <barry@.noemail.noemail> wrote in message
news:%23gpoyKTPGHA.532@.TK2MSFTNGP15.phx.gbl...
> Thanks Steven,
> I think this is what I am looking for.
> Barry
Thanks for Terry's input,
Hi Barry,
I think Terry's suggestion is reasonable, we should think it over to
determine whether using such cross-authentication is necessary. If we can
use other approach or design to avoid it, that'll be preferred.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Here is my problem. I have a DNN portal site and an eCommerce site that is
not a DNN module. I really do not have the resources available to recode
the eCommerce site to make it DNN compliant. Up until now we have not had DNN
content that required any security so we deferred security to the eCommerce
site entirely. Now I am being asked to add content to the DNN site that
will require security but we don't want to make our customers log on twice,
once for DNN and once for eCommerce. I need to come up with a way to handle
a single sign on for both sites. I have requested info from MS about using
Passport but I need to assess all alternatives.
Any suggestions are more than welcome.
Barry
"Steven Cheng[MSFT]" <stcheng@.online.microsoft.com> wrote in message
news:IIjfLnZPGHA.6432@.TK2MSFTNGXA03.phx.gbl...
> Thanks for Terry's input,
> Hi Barry,
> I think Terry's suggestion is reasonable, we should think it over to
> determine whether using such cross-authentication is necessary. If we can
> use other approach or design to avoid it, that'll be preferred.
> Regards,
> Steven Cheng
> Microsoft Online Support
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
Actually, passport would have been my suggestion if you could not work
around. I think it's your best option by the sounds of things,
Good luck
--
Terry Burns
http://TrainingOn.net
"barryfz" <barry@.noemail.noemail> wrote in message
news:u0i2T2fPGHA.3508@.TK2MSFTNGP10.phx.gbl...
> Here is my problem. I have a DNN portal site and an eCommerce site that
> is not a DNN module. I really do not have the resources available to
> recode the eCommerce site to make it DNN compliant. Up until now we have
> not had DNN content that required any security so we deferred security to
> the eCommerce site entirely. Now I am being asked to add content to the
> DNN site that will require security but we don't want to make our
> customers log on twice, once for DNN and once for eCommerce. I need to
> come up with a way to handle a single sign on for both sites. I have
> requested info from MS about using Passport but I need to assess all
> alternatives.
> Any suggestions are more than welcome.
> Barry