Navigating between 2 Webform applications (Asp.Net) Securely

sanjshah12
Hi,

We have 2 applications and would like a user to switch to one of them securely, so the user will log in (with username and password) to one, Site A, and then click on a link to navigate to Site B. If I checked that the user is coming from Site A (referring site and page) would this be enough to ensure this is safe or should I make more checks?

Any recommendations would be helpful.

Regards,
Chinmay Patel, Chief Technology Ninja
Distinguished Expert 2018

Commented:
Hi Sanjshah,

The approach you are trying to use is not safe at all. Anyone can spoof that approach and basically create havoc on your Site B.
What you need is a technique called SSO - Single Sign On - which can be implemented in multiple ways. If you can provide more details about your requirements and how your apps are set up (ASP.Net WebForms? MVC? ASP.Net Core? Apps reside on the same server? Same domain? etc.) I can suggest which route to take.

Regards,
Chinmay.

Author

Commented:
Many thanks Chinmay for replying.

I am using Asp.Net Webforms VB. Yes I can place both applications on the same server and possibly on the domain if required.

Any help is appreciated.

Would a web service be a better approach?

Thanks
Chinmay Patel, Chief Technology Ninja
Distinguished Expert 2018

Commented:
Web Service????  I am not sure I understand the context here.

If you can provide me details on the requirements then I can tell you if a Web Service is required. If you have two distinct apps providing two different features then keeping them separate is the right thing to do - unless your business requirements dictate otherwise.

Author

Commented:
Thanks Chinmay,


These need to be 2 different webforms applications just because they have different requirements and features.

I would like to redirect a user (already logged in to SiteA) to SiteB, from where they will complete a form etc. I really do not want them to log in again. It would be nice if I could forward information such as email address, name from SiteA to SiteB but not essential.

Thanks for your help
Chief Technology Ninja
Distinguished Expert 2018
Commented:
Then configure SSO, and though these links are old, for WebForms they are still valid. Please do a PoC to check if they meet your requirements.

These two are good points to start. First, check
https://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
then
https://www.codeproject.com/Articles/27576/Single-Sign-on-in-ASP-NET-and-Other-Platforms.

I believe the first MSDN link is sufficient in terms of theoretical guidance that exactly tells you what you need to set up SSO, the second one takes a more practical approach with examples.

Author

Commented:
Thanks Chinmay,

Just to confirm, the only thing I need is to create a machinekey?

Regards,
Chinmay Patel, Chief Technology Ninja
Distinguished Expert 2018

Commented:
Yes. Please do a PoC.
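
The shared forms-authentication setup discussed in this thread, as an added example that is not part of the original posts or of the linked articles: a `Web.config` fragment placed identically in both applications so that a ticket issued by Site A validates on Site B. Assumptions: both apps run on the same host as `/SiteA` and `/SiteB` on .NET 4 or later; the cookie name, login path, timeout and key values are placeholders.

```xml
<!-- Added example: put the SAME fragment in the Web.config of Site A and Site B. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name, protection and path must match in both apps, otherwise
           Site B will not find or accept the cookie Site A issued. -->
      <forms name=".SHAREDAUTH"
             loginUrl="/SiteA/Login.aspx"
             protection="All"
             path="/"
             requireSSL="true"
             timeout="30" />
      <!-- If the apps sit on sibling host names instead (assumption:
           a.example.com and b.example.com), also set domain="example.com"
           on the forms element in both files. -->
    </authentication>

    <authorization>
      <!-- Reject anonymous requests; they are redirected to loginUrl. -->
      <deny users="?" />
    </authorization>

    <!-- The default machineKey is auto-generated and isolated per
         application, so a ticket from Site A would fail validation on
         Site B. Both apps need the same explicit keys. Generate real
         random keys and keep them out of source control; the values
         below are placeholders, not usable keys. -->
    <machineKey validationKey="REPLACE_WITH_GENERATED_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_GENERATED_DECRYPTION_KEY"
                validation="HMACSHA256"
                decryption="AES" />
  </system.web>
</configuration>
```

With this in place Site B trusts the encrypted, signed authentication ticket rather than the `Referer` header, and the logged-in name is available there through `User.Identity.Name`.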
