tags:

views:

140

answers:

1
+2  Q: 

Security Token/Cross Domain Cookie in Classic ASP?

I have an interesting conundrum.

We have a site that is a completely separate domain, we'll say http://www.x.com and our own site that is http://www.y.com. The y.com site is actually a classic ASP site, and we aren't converting it to .NET at this time.

The problem is that there is a link on x.com that redirects to y.com from a members area. We want to "authenticate" the user to make sure they are a member from the other site. If they are, they are directed to a members area on y.com. If not, they have to provide login information on y.com.

Cookies obviously don't work due to the cross domain security, but is there a way around this? I've also looked at a service for tokens, but I'm not sure exactly how that works in Classic ASP. Any ideas or suggestions?

A: 

What I did when I needed to pass information cross domain what so hash the information into one variable and pass the url/page as another variable as a post into a page on the y.com. That page would unhash the data, set the cookies and session variables, and then do a redirect or server.transfer to the page that was passed. The same can work going from y.com to x.com.

JDMX  2010-04-21 14:21:50
So, this would involve a hyperlink submitting via onclick, then the action directing to our y.com page, and then grabbing the POST data?
jlrolin  2010-04-21 14:42:40
Yes. I wanted to have all the posts go through one function so that I control how the hash was resolved and so I could add and remove data from it easier. That is why I included the url/page as an extra variable in the post. After the validation, then I would proceed to the requested page. If would also pass the url to the login page so that the user would bypass the default login page to the requested page after the login occured
JDMX  2010-04-21 14:57:06

related questions

asp consuming a web service, what do do with recordset object ?
How exactly do you configure httpOnly Cookies in ASP Classic?
Replace huge Case statement in Classic ASP
How do the CakePHP and codeigniter frameworks compare to the ASP.NET MVC framework?
Why do I get this error "[DBNETLIB][ConnectionRead (recv()).]General network error" with ASP pages
ASPSmartUpload v3.2
Are there benefits to Classic ASP over ASP.net
Why continue writing legacy systems?
Remote Debugging Server Side of a Web Application with Visual Studio 2008
Migrating from ASP Classic to .NET and pain mitigation
VBScript/ASP Classic
What is this 'Multiple-step OLE DB' error?
Code Classic ASP in Linux
How do I secure a folder used to let users upload files?
ASP/VBScript - Int() vs CInt()
What's the best way to manage a classic asp front-end using Visual Studio 2008?
Calling ASP.NET web service from ASP using SOAPClient
IIS 6/COM+ hangs
Select Query on 2 tables, on different database servers
Calling REST web services from a classic asp page
How to run remote shell scripts from ASP pages?
What is the IDE for classic ASP and VBScript?
Using ConfigurationManager to load config from an arbitrary location
What is the best way to iterate through an array in Classic Asp VBScript?
How do I build a collection in classic ASP?