My production environment involves a pair of IIS 6 web servers, one running legacy .NET 1.1 applications and the other running .NET 2.0 applications. We cannot install .NET 2.0 alongside 1.1 on the same machine because it is a tightly-regulated 'Validated System' and would present a bureaucratic nightmare to revalidate.

Websites on both servers use Basic Authentication against Active Directory user accounts.

Is it possible for a web application on the 1.1 server to securely redirect a user to a page served on the 2.0 server, without requiring users to re-authenticate?

A: 

Yes, check out here:

http://weblogs.asp.net/scottgu/archive/2005/12/10/432851.aspx

ScaleOvenStove
A: 

In order to achieve this you could implement a single sign-on solution.

This solution would have one server be your master authentication server. This server would be responsible for authentication and creating a cookie for the user. When you redirect to the other server (on the same domain) check to see if the authentication cookie exists that was created by the authentication server, and if it exists, and has valid data, auto login the user. Make sure that you set the domain on the forms authentication ticket and cookie, and then both servers which exist on the same domain will be able to access this cookie.

I would google single sign on asp.net. There's a number of ways to achieve it, but it's definitely achievable.

Code Monkey
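The shared-ticket setup this answer describes, as an added example that is not part of the original answers: web.config settings for the two servers, assuming both sites are switched from Basic to Forms authentication. The hostnames, the parent domain example.com and the cookie name are assumptions, and the key values are placeholders.

```xml
<!-- Constructed example. Hostnames, the cookie name and the parent domain
     example.com are assumptions; the bracketed key values are placeholders
     for the same randomly generated keys on both servers. -->

<!-- web.config on the .NET 2.0 server (assumed host: app20.example.com) -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name and path must match the 1.1 application; domain widens the
           cookie to sibling hosts; requireSSL keeps the ticket off plain HTTP -->
      <forms name=".SHAREDAUTH" loginUrl="https://app11.example.com/login.aspx"
             protection="All" path="/" domain="example.com"
             requireSSL="true" timeout="20" />
    </authentication>
    <!-- Explicit keys instead of AutoGenerate. decryption="3DES" lets 2.0 read
         tickets issued by 1.1 (2.0 would otherwise default to AES). -->
    <machineKey validationKey="[SHARED-VALIDATION-KEY-HEX]"
                decryptionKey="[SHARED-DECRYPTION-KEY-HEX]"
                validation="SHA1" decryption="3DES" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

<!-- web.config on the .NET 1.1 server (assumed host: app11.example.com) -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- 1.1 has no domain attribute on <forms>; the login page has to set
           the cookie's Domain to example.com itself before sending it -->
      <forms name=".SHAREDAUTH" loginUrl="login.aspx"
             protection="All" path="/" requireSSL="true" timeout="20" />
    </authentication>
    <!-- Same key values as on the 2.0 server; 1.1 takes no decryption attribute -->
    <machineKey validationKey="[SHARED-VALIDATION-KEY-HEX]"
                decryptionKey="[SHARED-DECRYPTION-KEY-HEX]"
                validation="SHA1" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

With these settings the 1.1 login page checks the Active Directory credentials once and issues the ticket, and the 2.0 site accepts the same cookie without prompting again.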
+1  A: 

No, because you're not using cookies for authentication in that scenario, so ScaleOvenStove's link won't help.

Basic authentication sends the login information in the HTTP headers with every request, but it's the browser that does this, when it sees a new server, new password request.

(Or indeed, as suggested, change the authentication on both systems to support single sign-on.)

blowdart