views:

46

answers:

1

If one has access to both the Asp.net membership DB (the standard SqlMembershipProvider db, generated with aspnet_regsql.exe), and the respective asp.net client's cookies, is it possible to correlate the two to identify the user from the cookies?

Background (in case this seems like a hacking attempt!):

We have a web application that mainly runs in asp.net on IIS, with a second http server hooked onto the http pipeline dealing with Comet-style requests to serve up real-time "events" to the client, using a route in the same domain. We'd like to know which asp.net user is using the Comet server, but the Comet server is not asp aware, nor is it even running in IIS.

+1  A: 

I would recommend adding code to the ASP.NET side to take the authenticated user identity and create something that the COMET server can understand (perhaps a separate cookie). That way, you don't require access to anything other than the currently authenticated user, and are independant of the authentication method.

John Saunders
Makes sense really. Was trying to avoid extra plumbing, but I think my laziness would get in the way of good design. +1
spender