Solved

2 web servers: 1 provides authentication and serves a URL, which redirects the user to the 2nd where content is downloaded

Posted on 2011-02-26
6
318 Views
Last Modified: 2013-11-05
Have to design the security for 2 web servers in different locations. The first server authenticates a user and serves and URL, which redirects the user to the second server where content is downloaded. It seems this solution requires session identification, whether included as part of the URL or sent as a secure HTTP cookie in the response header. Is this the best way to authenticate the user on the second system? If so, how would the first system send this session information to the second server to allow authentication to occur? in researching, it seems SOAP calls from the first system to the second may be a way to accomplish this. Obviously, SSL/TLS would be used to encrypt the SOAP calls. Can anyone let me know if this is the correct design of these systems? If not, any other ways?
0
Comment
Question by:krella
  • 4
  • 2
6 Comments
 
LVL 4

Expert Comment

by:LAMASE
ID: 34989167
Soap, is ok, you can even use direct database calls with sql server accessible only by server1 IP.
You can put some data inside a table, like hash, ip, file.... then  you redirect the user to server2/page.php?auth=xxxxxxxxxx

page.php checks the data in the database for that record, gives back a cookie to the user (if not already set) and should check the ip address or date to prevent forther uses of the final url.
0
 

Author Comment

by:krella
ID: 34989309
Thanks for getting back to me. Would I need to manually create a single user on both systems? Would the username / password need to present on both server 1 and server 2? Or using SOAP, could server 1 pass a security token and / or username token to server 2, which would automatically authenticate the user to server 2, allowing him or her to download the content needed?
0
 
LVL 4

Accepted Solution

by:
LAMASE earned 500 total points
ID: 34989325
For a simpler way, if server2 should only output the file, you can pass data encrypted with a secret salt (shared by the two servers) in the url, the decode it on the other side to verify. You can encrypt for example the filename, the ip address and the timestamp, then verify everything before ouput the content.

It will looks like
encrypt data with salt "secret"
show the url "download.php?get=xxxxxxxxxxxx"

On the other side
pseudocode:
decrypt the parameter with salt "secret"
check timestamp, ip, other...
output file if ok
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 4

Expert Comment

by:LAMASE
ID: 34989330
Thanks for getting back to me. Would I need to manually create a single user on both systems? Would the username / password need to present on both server 1 and server 2? Or using SOAP, could server 1 pass a security token and / or username token to server 2, which would automatically authenticate the user to server 2, allowing him or her to download the content needed?

Depends on what you need to do: server2 has navigable webpages?

With my second example you don't need anything on server2... but don't know your website logic
0
 

Author Comment

by:krella
ID: 34989370
Using your example, I know with SOAP you can pass a security token or salt, that the server 2 can use to authenticate the user. If I do not wish to create user accounts on server 2, what type of logic would be needed on server 2 to authenticate the user? Obviously server 2 would need to validate the security token. Would server 2 need a database of hashes where the security tokens are validated?
0
 
LVL 4

Expert Comment

by:LAMASE
ID: 34989441
The fact that the encrypted data is valid (according to the secret salt) is a signal that comes from a trusted source. This can be a quick&dirty way to autenticate.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now