views:

29

answers:

1

Hello,

We have a Learning Management System (LMS) that runs on its own server (IIS/Server 2003). Students must login with Forms authentication to gain access to the content. We want to offer access to third party flash and audio that is embedded in HTML pages hosted on the third party server (IIS/Server 2003). Currently we use a frame in a pop-up window that is populated via a simple URL to the third party HTML pages.

How can the third party control access to their content, so that only students who launch the pop-up windows from our site can access their content? Since the content is mostly video and flash, we would prefer not to stream all of their content through our server to the Student.

We have a programming staff, so we could maybe...
- either post or get for our HTTP request to the third party server
- we could use SSL
- we could programmatically assign a global NT user account to all of our users and then do some kind of Active Directory login from the LMS server to the third party server
- could the third party content be hosted at Amazon S3? Would this allow for secure access/download?

These are just ideas. We really have no idea. Any suggestions would be greatly appreciated.

TIA, Wylie

A: 

Off the cuff, the active directory approach might work, but the networking behind that might be messy since the 3rd party server isn't inside your LAN.

You could probably authenticate against the 3rd party server by posting the login credentials from the user to that server (it would have to come from the client side, but you could automate it to happen after they log into your server or when they launch the course) and getting a second session set up on that server. Then the session can be managed by cookies and when they link into the server they're already authenticated on that server. If you're using asp.net, a lot of the details should be automated at that point...

That's just off the top of my head though. I haven't tried either.

Kendrick