6 Replies - 2967 Views - Last Post: 08 February 2009 - 05:02 AM Rate Topic: -----

#1 George2  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 83
  • Joined: 14-December 08

how to send user ID across differnet application in ASP.Net?

Posted 05 February 2009 - 06:00 AM

Hello everyone,

I have two web applications all are developed by ASP.Net. Now I want to provide a feature which enables the user to click from one URL in application site (one virtual directory of IIS) A to the other URL in application site B (another virtual directory of IIS).

I have two ideas to implement them, but both of them have issues. I want to know what solution should be optimum solution?

Solution 1: using cookie, so from both application sites, we could retrieve user ID information from reading cookie, but I am afraid if cookie is disabled in browser, this "jump" feature never works.

Solution 2: When the user redirects to an URL in another site, I could append user ID after the URL, I could redirect to this URL in another site http://www.anotherap...burl?userID=foo, but I am afraird that in this way userID will be exposed easily which raise security issues.

Any advice?

thanks in advance,
George

Is This A Good Question/Topic? 0
  • +

Replies To: how to send user ID across differnet application in ASP.Net?

#2 eclipsed4utoo  Icon User is offline

  • Not Your Ordinary Programmer
  • member icon

Reputation: 1524
  • View blog
  • Posts: 5,960
  • Joined: 21-March 08

Re: how to send user ID across differnet application in ASP.Net?

Posted 05 February 2009 - 07:22 AM

require cookies and do solution 1. I believe there is a way, using javascript, to tell if cookies are enabled. if they are not, display a message that they are required for moving between applications.

This post has been edited by eclipsed4utoo: 05 February 2009 - 07:23 AM

Was This Post Helpful? 0
  • +
  • -

#3 General Adamus  Icon User is offline

  • D.I.C Head

Reputation: 9
  • View blog
  • Posts: 110
  • Joined: 05-February 09

Re: how to send user ID across differnet application in ASP.Net?

Posted 05 February 2009 - 08:31 PM

Encrypt the login and pass it in a query string.

Adamus
Was This Post Helpful? 0
  • +
  • -

#4 George2  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 83
  • Joined: 14-December 08

Re: how to send user ID across differnet application in ASP.Net?

Posted 07 February 2009 - 06:49 AM

Thanks eclipsed4utoo,

View Posteclipsed4utoo, on 5 Feb, 2009 - 06:22 AM, said:

require cookies and do solution 1. I believe there is a way, using javascript, to tell if cookies are enabled. if they are not, display a message that they are required for moving between applications.


Any other security risks of using cookie?

regards,
George


Thanks Adamus,

View PostGeneral Adamus, on 5 Feb, 2009 - 07:31 PM, said:

Encrypt the login and pass it in a query string.

Adamus


Do you mean passing query string in URL, like http://somedomain.co....aspx?blablabla

If yes, I doubt whether expose information in URL has potential security risks? Are there any other ways not to expose information in URL?

regards,
George
Was This Post Helpful? 0
  • +
  • -

#5 General Adamus  Icon User is offline

  • D.I.C Head

Reputation: 9
  • View blog
  • Posts: 110
  • Joined: 05-February 09

Re: how to send user ID across differnet application in ASP.Net?

Posted 07 February 2009 - 08:43 AM

George,

"Encrypt" the UserID and pass it in a query string. "Decrypt" Request.QueryString("UID")

This is a standard traditional aproach.
Was This Post Helpful? 0
  • +
  • -

#6 eclipsed4utoo  Icon User is offline

  • Not Your Ordinary Programmer
  • member icon

Reputation: 1524
  • View blog
  • Posts: 5,960
  • Joined: 21-March 08

Re: how to send user ID across differnet application in ASP.Net?

Posted 07 February 2009 - 04:44 PM

View PostGeorge2, on 7 Feb, 2009 - 08:49 AM, said:

Thanks eclipsed4utoo,

View Posteclipsed4utoo, on 5 Feb, 2009 - 06:22 AM, said:

require cookies and do solution 1. I believe there is a way, using javascript, to tell if cookies are enabled. if they are not, display a message that they are required for moving between applications.


Any other security risks of using cookie?

regards,
George


Thanks Adamus,

View PostGeneral Adamus, on 5 Feb, 2009 - 07:31 PM, said:

Encrypt the login and pass it in a query string.

Adamus


Do you mean passing query string in URL, like http://somedomain.co....aspx?blablabla

If yes, I doubt whether expose information in URL has potential security risks? Are there any other ways not to expose information in URL?

regards,
George


whether you use cookies or query string, you should encrypt the data if it's sensitive.
Was This Post Helpful? 0
  • +
  • -

#7 George2  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 83
  • Joined: 14-December 08

Re: how to send user ID across differnet application in ASP.Net?

Posted 08 February 2009 - 05:02 AM

Thanks General Adamus!

View PostGeneral Adamus, on 7 Feb, 2009 - 07:43 AM, said:

George,

"Encrypt" the UserID and pass it in a query string. "Decrypt" Request.QueryString("UID")

This is a standard traditional aproach.


When the user clicks the URL, browser will go the the URL directly. Any chance for us to encrypt userID and pass it in a query string before browser goes to the URL?

regards,
George


Thanks eclipsed4utoo,

I am not very experienced with cookie security. Two more questions,

1.

How to encrypt cookie data? Some manual way or ASP.Net has built-in support?

2.

If there is ASP.Net built-in encryption solution for cookie, how strong is the cookie encryption solution in ASP.Net?

View Posteclipsed4utoo, on 7 Feb, 2009 - 03:44 PM, said:

View PostGeorge2, on 7 Feb, 2009 - 08:49 AM, said:

Thanks eclipsed4utoo,

View Posteclipsed4utoo, on 5 Feb, 2009 - 06:22 AM, said:

require cookies and do solution 1. I believe there is a way, using javascript, to tell if cookies are enabled. if they are not, display a message that they are required for moving between applications.


Any other security risks of using cookie?

regards,
George


Thanks Adamus,

View PostGeneral Adamus, on 5 Feb, 2009 - 07:31 PM, said:

Encrypt the login and pass it in a query string.

Adamus


Do you mean passing query string in URL, like http://somedomain.co....aspx?blablabla

If yes, I doubt whether expose information in URL has potential security risks? Are there any other ways not to expose information in URL?

regards,
George


whether you use cookies or query string, you should encrypt the data if it's sensitive.


regards,
George
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1