If one has access to both the Asp.net membership DB (the standard SqlMembershipProvider db, generated with aspnet_regsql.exe
), and the respective asp.net client's cookies, is it possible to correlate the two to identify the user from the cookies?
Background (in case this seems like a hacking attempt!):
We have a web application that mainly runs in asp.net on IIS, with a second http server hooked onto the http pipeline dealing with Comet-style requests to serve up real-time "events" to the client, using a route in the same domain. We'd like to know which asp.net user is using the Comet server, but the Comet server is not asp aware, nor is it even running in IIS.