rclayh
|
| Posted: 06/26/2003, 9:27 AM |
|
I have two separate ASP.NET apps that are running as applications and so they each have their own set of session variables. They share the same login table and a user validated at one, would be valid for the other. I broke the applications out for security reasons and to reduce the complexity and compile time of a single app.
My question is - is there a way to short circuit the login page of the second app? If they have validated, I can set a cookie and when they hit the second app, I want that cookie to cause an auto-authentication bypassing the form and continuing on to their destination page. Does someone know of an easy way to do this? I'll need to keep the login page in place because they may hit the 2nd app directly through a favorite. Also I'm not crazy about having to add an authentication routine to each page (other than CodeCharge's built in routines).
Thanks for any help.
|
|
|
 |
rrodgers
|
| Posted: 06/26/2003, 9:41 AM |
|
I don't use .net but in ASP every secure page has a call to
CCSecurityRedirect
I put my code for autologin in this function. I Call a sub that checks for a cookie and if the value is true it calls the CCLoginUser() function before any checks are made. See code below.
rob
Sub CheckForLogin
If IsEmpty(CCGetUserID()) And Session("NoAutoLogin") <> 1 Then
If Request.Cookies("bbstat")("rm") = 1 Then
If Not CCLoginUser(EnDeCrypt(Request.Cookies("bbstat")("uid"),kCookieKey), EnDeCrypt(Request.Cookies("bbstat")("pwd"),kCookieKey)) Then
Call UpdRememberMe(0,"", "")
End IF
End IF
End IF
End Sub
Sub UpdRememberMe(xValue,xLogin, xPwd)
Response.Cookies("bbstat").Expires = DateAdd("yyyy",1,Now)
IF xValue = 1 Then
Response.Cookies("bbstat")("uid") = EnDeCrypt(xLogin,kCookieKey)
Response.Cookies("bbstat")("pwd") = EnDeCrypt(xPwd,kCookieKey)
Response.Cookies("bbstat")("rm") = Int(1)
Else
Response.Cookies("bbstat")("uid") = " "
Response.Cookies("bbstat")("pwd") = " "
Response.Cookies("bbstat")("rm") = Int(0)
End IF
End Sub
|
|
|
|
|
