Andrew
>From JSP, you could get the logon page to set a cookie (and the logon-fail
page to unset it), then have JSP and ASP pages look for the same cookie.
Although I'm primarily an ASP developer, I tend to roll my own logons for
ASP, so can't help with the ins-and-outs of IIS authentication, but I'd
imagine something similar is possible with ASP authentication.
Naturally, a cookie with name="authenticated" and value="true" would be easy
to forge, so you'd probably want to do something like set the cookie a hash
of the (i) client's IP address and (ii) a nonce-value that changes, say,
daily or hourly.
Hope this helps,
John
--
John Niven
(Reply via newsgroup/mailing list)
> -----Original Message-----
> From: Andrew [mailto:asd@ezan.ac.ru]
> Sent: 23 January 2002 11:19
> To: Tomcat Users List
> Subject: Single sign-on for Tomcat/IIS realms
>
>
> Hi, how I can implement single sign-on for
> Tomcat/IIS(ASP.NET) user realms.Both servers work on the same
> machine and use cookies for authentification. More precisely,
> I want IIS session was authentificated if Tomcat is.
>
> Thanks.
>
>
>
>
> --
> To unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>
--
To unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
|