How would you face this problem?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • MarcoG
    #1

    How would you face this problem?

    Hi,

    I have an online application (written in .asp) that requires a login to be
    accessed and used. I have a login.asp page that asks for username and
    password, looks up in a MS SQL db if a combination of those
    username/password is available and, if so, sets a session variable and goes
    to home.asp (this page checks if the session variable has been set, and if
    not, redirects to login.asp). That's the usual method in .asp to make
    password-protected pages. This way, the SQL database contains all usernames
    and passwords.

    Now I have a company that wants to use my application (hosted on my server)
    but does not want their users to make a double login, I mean one login to
    their network and one login to my application. They want a way so that my
    application recognizes their users and logins automatically; in a few words,
    their users should be allowed to go directly to home.asp without first
    stepping to login.asp.

    They are using a Windows network, so I looked into using Active Directory
    (LDAP) integration in .asp pages but:

    1) Can you tell me a source where I can find simple integration information?
    I found a lot of information, but nothing is very simple

    2) Since my application is hosted on my server (on-line and outside their
    network), I don't think I'll be able to use AD integration, because I think
    they should be in the same domain

    So, my final question is: how would you approach such a problem? Googling on
    the net I also found this page
    http://www.google.com/a/help/intl/en.../editions.html where Google
    offers a single sign-on to their application via API. I think they don't use
    AD integration, but they achieve exactly what I need (a single sign-on). So,
    how can Google do such a thing? What approach are they using? I can develop
    a login API for my application too.

    Thank you.


    Tags: None
    • ThatsIT.net.au
      #2
      Re: How would you face this problem?

      You could remove the login, and in IIS restrict use by ip address


      "MarcoG" <nospam@nospam. comwrote in message
      news:45e2e750$0 $4794$4fafbaef@ reader4.news.ti n.it...
      Hi,
      >
      I have an online application (written in .asp) that requires a login to be
      accessed and used. I have a login.asp page that asks for username and
      password, looks up in a MS SQL db if a combination of those
      username/password is available and, if so, sets a session variable and
      goes
      to home.asp (this page checks if the session variable has been set, and if
      not, redirects to login.asp). That's the usual method in .asp to make
      password-protected pages. This way, the SQL database contains all
      usernames
      and passwords.
      >
      Now I have a company that wants to use my application (hosted on my
      server)
      but does not want their users to make a double login, I mean one login to
      their network and one login to my application. They want a way so that my
      application recognizes their users and logins automatically; in a few
      words,
      their users should be allowed to go directly to home.asp without first
      stepping to login.asp.
      >
      They are using a Windows network, so I looked into using Active Directory
      (LDAP) integration in .asp pages but:
      >
      1) Can you tell me a source where I can find simple integration
      information?
      I found a lot of information, but nothing is very simple
      >
      2) Since my application is hosted on my server (on-line and outside their
      network), I don't think I'll be able to use AD integration, because I
      think
      they should be in the same domain
      >
      So, my final question is: how would you approach such a problem? Googling
      on
      the net I also found this page
      http://www.google.com/a/help/intl/en.../editions.html where Google
      offers a single sign-on to their application via API. I think they don't
      use
      AD integration, but they achieve exactly what I need (a single sign-on).
      So,
      how can Google do such a thing? What approach are they using? I can
      develop
      a login API for my application too.
      >
      Thank you.
      >
      >

        Comment

        • MarcG
          #3
          Re: How would you face this problem?

          "ThatsIT.net.au " <me@thatsitha scritto nel messaggio
          news:09D992DE-C654-4EE7-9152-24238D6E03FF@mi crosoft.com...
          You could remove the login, and in IIS restrict use by ip address
          Thanks, but employees may not have fixed IPs


            Comment

            • Jon Paal [MSMD]
              #4
              Re: How would you face this problem?

              perhaps a web service or use of something like passport...


              "MarcoG" <nospam@nospam. comwrote in message news:45e2e750$0 $4794$4fafbaef@ reader4.news.ti n.it...
              Hi,
              >
              I have an online application (written in .asp) that requires a login to be
              accessed and used. I have a login.asp page that asks for username and
              password, looks up in a MS SQL db if a combination of those
              username/password is available and, if so, sets a session variable and goes
              to home.asp (this page checks if the session variable has been set, and if
              not, redirects to login.asp). That's the usual method in .asp to make
              password-protected pages. This way, the SQL database contains all usernames
              and passwords.
              >
              Now I have a company that wants to use my application (hosted on my server)
              but does not want their users to make a double login, I mean one login to
              their network and one login to my application. They want a way so that my
              application recognizes their users and logins automatically; in a few words,
              their users should be allowed to go directly to home.asp without first
              stepping to login.asp.
              >
              They are using a Windows network, so I looked into using Active Directory
              (LDAP) integration in .asp pages but:
              >
              1) Can you tell me a source where I can find simple integration information?
              I found a lot of information, but nothing is very simple
              >
              2) Since my application is hosted on my server (on-line and outside their
              network), I don't think I'll be able to use AD integration, because I think
              they should be in the same domain
              >
              So, my final question is: how would you approach such a problem? Googling on
              the net I also found this page
              http://www.google.com/a/help/intl/en.../editions.html where Google
              offers a single sign-on to their application via API. I think they don't use
              AD integration, but they achieve exactly what I need (a single sign-on). So,
              how can Google do such a thing? What approach are they using? I can develop
              a login API for my application too.
              >
              Thank you.
              >
              >

                Comment

                • MarcG
                  #5
                  Re: How would you face this problem?

                  "Jon Paal [MSMD]" <Jon nospam Paal @ everywhere dot comha scritto nel
                  messaggio news:12u8lb9i2l qhe08@corp.supe rnews.com...
                  perhaps a web service or use of something like passport...
                  Exactly, I was thinking something like that... But where can I find more
                  information?
                  Thanks.


                    Comment

                    Previous template Next
                    Working...