• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 345
  • Last Modified:

2 web servers: 1 provides authentication and serves a URL, which redirects the user to the 2nd where content is downloaded

Have to design the security for 2 web servers in different locations. The first server authenticates a user and serves and URL, which redirects the user to the second server where content is downloaded. It seems this solution requires session identification, whether included as part of the URL or sent as a secure HTTP cookie in the response header. Is this the best way to authenticate the user on the second system? If so, how would the first system send this session information to the second server to allow authentication to occur? in researching, it seems SOAP calls from the first system to the second may be a way to accomplish this. Obviously, SSL/TLS would be used to encrypt the SOAP calls. Can anyone let me know if this is the correct design of these systems? If not, any other ways?
0
krella
Asked:
krella
  • 4
  • 2
1 Solution
 
LAMASECommented:
Soap, is ok, you can even use direct database calls with sql server accessible only by server1 IP.
You can put some data inside a table, like hash, ip, file.... then  you redirect the user to server2/page.php?auth=xxxxxxxxxx

page.php checks the data in the database for that record, gives back a cookie to the user (if not already set) and should check the ip address or date to prevent forther uses of the final url.
0
 
krellaAuthor Commented:
Thanks for getting back to me. Would I need to manually create a single user on both systems? Would the username / password need to present on both server 1 and server 2? Or using SOAP, could server 1 pass a security token and / or username token to server 2, which would automatically authenticate the user to server 2, allowing him or her to download the content needed?
0
 
LAMASECommented:
For a simpler way, if server2 should only output the file, you can pass data encrypted with a secret salt (shared by the two servers) in the url, the decode it on the other side to verify. You can encrypt for example the filename, the ip address and the timestamp, then verify everything before ouput the content.

It will looks like
encrypt data with salt "secret"
show the url "download.php?get=xxxxxxxxxxxx"

On the other side
pseudocode:
decrypt the parameter with salt "secret"
check timestamp, ip, other...
output file if ok
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LAMASECommented:
Thanks for getting back to me. Would I need to manually create a single user on both systems? Would the username / password need to present on both server 1 and server 2? Or using SOAP, could server 1 pass a security token and / or username token to server 2, which would automatically authenticate the user to server 2, allowing him or her to download the content needed?

Depends on what you need to do: server2 has navigable webpages?

With my second example you don't need anything on server2... but don't know your website logic
0
 
krellaAuthor Commented:
Using your example, I know with SOAP you can pass a security token or salt, that the server 2 can use to authenticate the user. If I do not wish to create user accounts on server 2, what type of logic would be needed on server 2 to authenticate the user? Obviously server 2 would need to validate the security token. Would server 2 need a database of hashes where the security tokens are validated?
0
 
LAMASECommented:
The fact that the encrypted data is valid (according to the secret salt) is a signal that comes from a trusted source. This can be a quick&dirty way to autenticate.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now