Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

Pass token from one site to another

  • 13-11-2009 02:37PM
    #1
    irlrobins
    Registered Users, Registered Users 2 Posts: 7,541 ✭✭✭


    Hey all,

    Just looking for a bit of advice on something. Let's say there's two websites: Site A is running Java Servlets, Site B is .net.

    User logs into Site A and a token (random string) is created. If they click a link to Site B on site, I need the token to be passed as part of the request. Site B can then authenicate the user using token.

    I'm just wonder what is the best way of passing the token from A to B? Any suggestions?


Comments

  • #2
    Ginger
    Registered Users, Registered Users 2 Posts: 2,931 ✭✭✭Ginger


    The only way is using a querystring parameter. You can pass the token and then auth as required. Ideally you build the auth mechanism as a shared service such as a web service so you prevent duplication auth code


  • #3
    oeb
    Registered Users, Registered Users 2 Posts: 2,793 ✭✭✭oeb


    irlrobins wrote: »
    Hey all,

    Just looking for a bit of advice on something. Let's say there's two websites: Site A is running Java Servlets, Site B is .net.

    User logs into Site A and a token (random string) is created. If they click a link to Site B on site, I need the token to be passed as part of the request. Site B can then authenicate the user using token.

    I'm just wonder what is the best way of passing the token from A to B? Any suggestions?

    If they are not using a shared database, just write a simple service on site B, so when the token is created on site A it will create an entry in the database on site B too (Maybe token + IP address). Then pass that token in the querystring on the link to site B and validate.


  • #4
    irlrobins
    Registered Users, Registered Users 2 Posts: 7,541 ✭✭✭irlrobins


    The two sites share the same DB, so my intention was to save token to DB, then get site B to verify the passed token against the DB.


  • #5
    none
    Registered Users, Registered Users 2 Posts: 569 ✭✭✭none


    You can use both HTTP POST (preferred) and GET to pass your parameter to another site.


  • #6
    spida
    Registered Users, Registered Users 2 Posts: 74 ✭✭spida


    irlrobins wrote: »
    The two sites share the same DB

    Why not just store a token on the client machine as a cookie and then verify that against the database when the user arrives at Site B?:rolleyes:


  • Advertisement
  • #7
    Ginger
    Registered Users, Registered Users 2 Posts: 2,931 ✭✭✭Ginger


    Cross domain cookie sharing is unreliable at best.. For example you need to set <httpCookies httpOnlyCookies="false" /> to allow ASP.NET to share its cookies with other applications and its not safe from a security point of view.


  • #8
    irlrobins
    Registered Users, Registered Users 2 Posts: 7,541 ✭✭✭irlrobins


    Thanks for the tips guys, let you know how it goes.


Advertisement