tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Niven <John.Ni...@marcat.com>
Subject RE: Single sign-on for Tomcat/IIS realms
Date Wed, 23 Jan 2002 16:16:20 GMT
Andrew

>From JSP, you could get the logon page to set a cookie (and the logon-fail
page to unset it), then have JSP and ASP pages look for the same cookie.
Although I'm primarily an ASP developer, I tend to roll my own logons for
ASP, so can't help with the ins-and-outs of IIS authentication, but I'd
imagine something similar is possible with ASP authentication.

Naturally, a cookie with name="authenticated" and value="true" would be easy
to forge, so you'd probably want to do something like set the cookie a hash
of the (i) client's IP address and (ii) a nonce-value that changes, say,
daily or hourly.

Hope this helps,
John

--
John Niven
(Reply via newsgroup/mailing list)


> -----Original Message-----
> From: Andrew [mailto:asd@ezan.ac.ru] 
> Sent: 23 January 2002 11:19
> To: Tomcat Users List
> Subject: Single sign-on for Tomcat/IIS realms
> 
> 
>     Hi, how I can implement single sign-on for 
> Tomcat/IIS(ASP.NET) user realms.Both servers work on the same 
> machine and use cookies for authentification. More precisely, 
> I want IIS session was authentificated if Tomcat is.
> 
> Thanks.
> 
> 
> 
> 
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
> 

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message