Solved

2 web servers: 1 provides authentication and serves a URL, which redirects the user to the 2nd where content is downloaded

Posted on 2011-02-26
6
330 Views
Last Modified: 2013-11-05
Have to design the security for 2 web servers in different locations. The first server authenticates a user and serves and URL, which redirects the user to the second server where content is downloaded. It seems this solution requires session identification, whether included as part of the URL or sent as a secure HTTP cookie in the response header. Is this the best way to authenticate the user on the second system? If so, how would the first system send this session information to the second server to allow authentication to occur? in researching, it seems SOAP calls from the first system to the second may be a way to accomplish this. Obviously, SSL/TLS would be used to encrypt the SOAP calls. Can anyone let me know if this is the correct design of these systems? If not, any other ways?
0
Comment
Question by:krella
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 4

Expert Comment

by:LAMASE
ID: 34989167
Soap, is ok, you can even use direct database calls with sql server accessible only by server1 IP.
You can put some data inside a table, like hash, ip, file.... then  you redirect the user to server2/page.php?auth=xxxxxxxxxx

page.php checks the data in the database for that record, gives back a cookie to the user (if not already set) and should check the ip address or date to prevent forther uses of the final url.
0
 

Author Comment

by:krella
ID: 34989309
Thanks for getting back to me. Would I need to manually create a single user on both systems? Would the username / password need to present on both server 1 and server 2? Or using SOAP, could server 1 pass a security token and / or username token to server 2, which would automatically authenticate the user to server 2, allowing him or her to download the content needed?
0
 
LVL 4

Accepted Solution

by:
LAMASE earned 500 total points
ID: 34989325
For a simpler way, if server2 should only output the file, you can pass data encrypted with a secret salt (shared by the two servers) in the url, the decode it on the other side to verify. You can encrypt for example the filename, the ip address and the timestamp, then verify everything before ouput the content.

It will looks like
encrypt data with salt "secret"
show the url "download.php?get=xxxxxxxxxxxx"

On the other side
pseudocode:
decrypt the parameter with salt "secret"
check timestamp, ip, other...
output file if ok
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:LAMASE
ID: 34989330
Thanks for getting back to me. Would I need to manually create a single user on both systems? Would the username / password need to present on both server 1 and server 2? Or using SOAP, could server 1 pass a security token and / or username token to server 2, which would automatically authenticate the user to server 2, allowing him or her to download the content needed?

Depends on what you need to do: server2 has navigable webpages?

With my second example you don't need anything on server2... but don't know your website logic
0
 

Author Comment

by:krella
ID: 34989370
Using your example, I know with SOAP you can pass a security token or salt, that the server 2 can use to authenticate the user. If I do not wish to create user accounts on server 2, what type of logic would be needed on server 2 to authenticate the user? Obviously server 2 would need to validate the security token. Would server 2 need a database of hashes where the security tokens are validated?
0
 
LVL 4

Expert Comment

by:LAMASE
ID: 34989441
The fact that the encrypted data is valid (according to the secret salt) is a signal that comes from a trusted source. This can be a quick&dirty way to autenticate.
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
An enjoyable and seamless user experience can go a long way on an eCommerce site. While a cohesive layout and engaging copy play roles in creating a positive user experience, some sites neglect aspects that seem marginal but in actuality prove very …
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question