Tutorial :How to pass user authentication when visiting another url?


Suppose I have a web app MyApp. When I access this web app, I have input user authentication info( user name and password), then from this site, want to visit another site say YourSite which will ask authentication too. Same authentication should be fine for both site.

So I want to pass user authentication data on MyApp to YourSite in code. Then I write a http handler like:

public void ProcessRequest(HttpContext context)  {     string url = "http://YourSite/page/...";                 HttpWebRequest myReq = (HttpWebRequest)WebRequest.Create(url);     CredentialCache myCache = new CredentialCache();                             NetworkCredential netCredential = new NetworkCredential("myname", "mypassword", "");       myCache.Add(new Uri(url), "Basic", netCredential);     myCache.Add(new Uri(url), "Digest", netCredential);     myCache.Add(new Uri(url), "Negotiate", netCredential);     myReq.Credentials = myCache;              //.....  }  

But I don't want to set user name and password in code, I want to pass current user authentication data to YourSite.

How to implement this request?

==========Moro info about my situation: MyApp is Asp.NET wep app runing on IIS(windows authentication). YourSite is a Java app runing on Tomcat on another box. Both apps are configured to use Windows Active Directory user account on same windows domain server.

============More info: I change above code as(try to use current credential):

 public void ProcessRequest(HttpContext context)      {         string url = "http://YourSite/page/...";                     HttpWebRequest myReq = (HttpWebRequest)WebRequest.Create(url);         myReq.Credentials = CredentialCache.DefaultCredentials;           //.....      }  

but can't passed the authentication.


Could you use a 1 pixel by 1 pixel iframe of the MyApp website on the YourSite page, then pass information via javascript/ajax? I suppose I would go with Darin's comment and suggest OpenID, but this may be an option. I haven't tried it, so let me know if it works :)


If your applications are running on the same top level domain (myapp.abc.com and yourapp.abc.com), it would be easy by using Forms Authentication and Membership Provider by just setting in your applications web.config:

Asp.net forms authentication and multiple domains

Scott Gu's Blog

If the domains are different, you could use SSO (sing sign on) solutions like: http://singlesignon.codeplex.com/

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »