Inter Domain Authentication
Discussion
When someone goes to pistonheads.tv you can find out who they are on .com by calling a script on the .com domain which gets all the details (i.e. a user id) and then passes the ID back to the .tv domain via a basic html/javascript page. It's a bodge, but it's how Microsoft Passport works. I haven't described it very well so email me if you'd like sample code.
Bonce said:
When someone goes to pistonheads.tv you can find out who they are on .com by calling a script on the .com domain which gets all the details (i.e. a user id) and then passes the ID back to the .tv domain via a basic html/javascript page. It's a bodge, but it's how Microsoft Passport works. I haven't described it very well so email me if you'd like sample code.
Damn clever, Bonce. So how do you "consume" the returned page from the .COM domain? Inside of Javascript somehow? We have a propriatary ActiveX control we use for this sort of thing...can you do it without?
could you not redirect them to pistonhead.com from the .tv domain?
I'm not that familar with cookies so my ramblings are based on guesswork but can you not create cookies with more than one domain? what about holding the system on one server (thats how I presume you are doing it already) and querying the same db with all the usernames and what not (hmm, that wouldn't solve the cookie problem).
A bodge in my view would be to mask the pistonheads.tv site and redirect them to pistonheads.com/tv/
As I say ramblings, but something might be useful
Doubt it but worth a shot 
I'm not that familar with cookies so my ramblings are based on guesswork but can you not create cookies with more than one domain? what about holding the system on one server (thats how I presume you are doing it already) and querying the same db with all the usernames and what not (hmm, that wouldn't solve the cookie problem).
A bodge in my view would be to mask the pistonheads.tv site and redirect them to pistonheads.com/tv/
As I say ramblings, but something might be useful
Doubt it but worth a shot Bonce said:
When someone goes to pistonheads.tv you can find out who they are on .com by calling a script on the .com domain which gets all the details (i.e. a user id) and then passes the ID back to the .tv domain via a basic html/javascript page. It's a bodge, but it's how Microsoft Passport works. I haven't described it very well so email me if you'd like sample code.
That's what I'm trying currently. I tried it with XML but that didn't work, so am trying it with Javascript now.
If you've got any sample code it will save me a lot more experimentation! Cheers.
Don said:
I take it this is to allow someone with a PH cookie to access the .TV domain and have the .TV domain "know" who they are?
Easy enough to pass data on the Querystring from .COM to .TV
I really want a solution where if someone logged into .com just goes to .tv then I can recognise who they are immediately. (i.e. not via my links).
If i understand what your trying to do correctly...
If your using standard IIS5 ASP sessions for authentication I don't believe you can. It may be possible using ASP.NET session management using SQL Server (i.e. directly querying the session database) but I've not delved into this much as yet.
Remember there is no NT authentication taking place as such when a user logs in. All actions by an IIS user are executed under the context of the IUSR_ account.
Where your trying to call a script on .com via xml from .tv, a new ASP session will be created on the .com server. You can't pass the session context from the user on .tv to the user created by contacting .com via XML (presumably your creating an HTTP request using MSXML?)
Theres absolutely no way of making a cookie valid between .com and .tv. You can create cookies that will be visible across sub domains but thats it e.g. a cookie from pistonheads.com could be seen by www.pistonheads.com and tv.pistonheads.com.
You really need to be managing session state outside IIS for this. Drop me an email if you want to explore using .NET session state in SQL, other solutions or if I've made no sense at all!
If your using standard IIS5 ASP sessions for authentication I don't believe you can. It may be possible using ASP.NET session management using SQL Server (i.e. directly querying the session database) but I've not delved into this much as yet.
Remember there is no NT authentication taking place as such when a user logs in. All actions by an IIS user are executed under the context of the IUSR_ account.
Where your trying to call a script on .com via xml from .tv, a new ASP session will be created on the .com server. You can't pass the session context from the user on .tv to the user created by contacting .com via XML (presumably your creating an HTTP request using MSXML?)
Theres absolutely no way of making a cookie valid between .com and .tv. You can create cookies that will be visible across sub domains but thats it e.g. a cookie from pistonheads.com could be seen by www.pistonheads.com and tv.pistonheads.com.
You really need to be managing session state outside IIS for this. Drop me an email if you want to explore using .NET session state in SQL, other solutions or if I've made no sense at all!
Two solutions seem viable. Some form of ASP/Javascript to grab the cookie from one domain and provide it to the other. I've not been able to make this work yet though as the state does seem to depend on the calling domain.
Secondly - and the way Microsoft do it - is via redirection.
www.asp101.com/articles/chris/transfercookies/default.asp
http://support.softartisans.com/kbview.aspx?ID=666
Secondly - and the way Microsoft do it - is via redirection.
www.asp101.com/articles/chris/transfercookies/default.asp
http://support.softartisans.com/kbview.aspx?ID=666
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff