Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Pass token from one site to another

Options
  • 13-11-2009 2:37pm
    #1
    irlrobins
    Registered Users Posts: 7,541 ✭✭✭


    Hey all,

    Just looking for a bit of advice on something. Let's say there's two websites: Site A is running Java Servlets, Site B is .net.

    User logs into Site A and a token (random string) is created. If they click a link to Site B on site, I need the token to be passed as part of the request. Site B can then authenicate the user using token.

    I'm just wonder what is the best way of passing the token from A to B? Any suggestions?


Comments

  • Options
    #2
    Ginger
    Registered Users Posts: 2,931 ✭✭✭Ginger


    The only way is using a querystring parameter. You can pass the token and then auth as required. Ideally you build the auth mechanism as a shared service such as a web service so you prevent duplication auth code


  • Options
    #3
    oeb
    Registered Users Posts: 2,793 ✭✭✭oeb


    irlrobins wrote: »
    Hey all,

    Just looking for a bit of advice on something. Let's say there's two websites: Site A is running Java Servlets, Site B is .net.

    User logs into Site A and a token (random string) is created. If they click a link to Site B on site, I need the token to be passed as part of the request. Site B can then authenicate the user using token.

    I'm just wonder what is the best way of passing the token from A to B? Any suggestions?

    If they are not using a shared database, just write a simple service on site B, so when the token is created on site A it will create an entry in the database on site B too (Maybe token + IP address). Then pass that token in the querystring on the link to site B and validate.


  • Options
    #4
    irlrobins
    Registered Users Posts: 7,541 ✭✭✭irlrobins


    The two sites share the same DB, so my intention was to save token to DB, then get site B to verify the passed token against the DB.


  • Options
    #5
    none
    Registered Users Posts: 569 ✭✭✭none


    You can use both HTTP POST (preferred) and GET to pass your parameter to another site.


  • Options
    #6
    spida
    Registered Users Posts: 74 ✭✭spida


    irlrobins wrote: »
    The two sites share the same DB

    Why not just store a token on the client machine as a cookie and then verify that against the database when the user arrives at Site B?:rolleyes:


  • Advertisement
  • Options
    #7
    Ginger
    Registered Users Posts: 2,931 ✭✭✭Ginger


    Cross domain cookie sharing is unreliable at best.. For example you need to set <httpCookies httpOnlyCookies="false" /> to allow ASP.NET to share its cookies with other applications and its not safe from a security point of view.


  • Options
    #8
    irlrobins
    Registered Users Posts: 7,541 ✭✭✭irlrobins


    Thanks for the tips guys, let you know how it goes.


Advertisement