New Topic/Question
Reply
Hello everyone,
I have two web applications all are developed by ASP.Net. Now I want to provide a feature which enables the user to click from one URL in application site (one virtual directory of IIS) A to the other URL in application site B (another virtual directory of IIS).
I have two ideas to implement them, but both of them have issues. I want to know what solution should be optimum solution?
Solution 1: using cookie, so from both application sites, we could retrieve user ID information from reading cookie, but I am afraid if cookie is disabled in browser, this "jump" feature never works.
Solution 2: When the user redirects to an URL in another site, I could append user ID after the URL, I could redirect to this URL in another site http://www.anotherap...burl?userID=foo, but I am afraird that in this way userID will be exposed easily which raise security issues.
Any advice?
thanks in advance,
George
6 Replies - 2298 Views - Last Post: 08 February 2009 - 05:02 AM
Rate Topic:
MultiQuoteReplies To: how to send user ID across differnet application in ASP.Net?
#2
eclipsed4utoo
- Not Your Ordinary Programmer
-
Reputation: 1511
- Posts: 5,916
- Joined: 21-March 08
Re: how to send user ID across differnet application in ASP.Net?
Posted 05 February 2009 - 07:22 AM
require cookies and do solution 1. I believe there is a way, using javascript, to tell if cookies are enabled. if they are not, display a message that they are required for moving between applications.
This post has been edited by eclipsed4utoo: 05 February 2009 - 07:23 AM
Was This Post Helpful?
0
#3
General Adamus
- D.I.C Head
Reputation: 9
- Posts: 110
- Joined: 05-February 09
Re: how to send user ID across differnet application in ASP.Net?
Posted 05 February 2009 - 08:31 PM
Encrypt the login and pass it in a query string.
Adamus
Adamus
Was This Post Helpful?
0
#4
George2
- D.I.C Head
Reputation: 1
- Posts: 83
- Joined: 14-December 08
Re: how to send user ID across differnet application in ASP.Net?
Posted 07 February 2009 - 06:49 AM
Thanks eclipsed4utoo,
Any other security risks of using cookie?
regards,
George
Thanks Adamus,
Do you mean passing query string in URL, like http://somedomain.co....aspx?blablabla
If yes, I doubt whether expose information in URL has potential security risks? Are there any other ways not to expose information in URL?
regards,
George
eclipsed4utoo, on 5 Feb, 2009 - 06:22 AM, said:
require cookies and do solution 1. I believe there is a way, using javascript, to tell if cookies are enabled. if they are not, display a message that they are required for moving between applications.
Any other security risks of using cookie?
regards,
George
Thanks Adamus,
General Adamus, on 5 Feb, 2009 - 07:31 PM, said:
Encrypt the login and pass it in a query string.
Adamus
Adamus
Do you mean passing query string in URL, like http://somedomain.co....aspx?blablabla
If yes, I doubt whether expose information in URL has potential security risks? Are there any other ways not to expose information in URL?
regards,
George
Was This Post Helpful?
0
#5
General Adamus
- D.I.C Head
Reputation: 9
- Posts: 110
- Joined: 05-February 09
Re: how to send user ID across differnet application in ASP.Net?
Posted 07 February 2009 - 08:43 AM
George,
"Encrypt" the UserID and pass it in a query string. "Decrypt" Request.QueryString("UID")
This is a standard traditional aproach.
"Encrypt" the UserID and pass it in a query string. "Decrypt" Request.QueryString("UID")
This is a standard traditional aproach.
Was This Post Helpful?
0
#6
eclipsed4utoo
- Not Your Ordinary Programmer
-
Reputation: 1511
- Posts: 5,916
- Joined: 21-March 08
Re: how to send user ID across differnet application in ASP.Net?
Posted 07 February 2009 - 04:44 PM
George2, on 7 Feb, 2009 - 08:49 AM, said:
Thanks eclipsed4utoo,
Any other security risks of using cookie?
regards,
George
Thanks Adamus,
Do you mean passing query string in URL, like http://somedomain.co....aspx?blablabla
If yes, I doubt whether expose information in URL has potential security risks? Are there any other ways not to expose information in URL?
regards,
George
eclipsed4utoo, on 5 Feb, 2009 - 06:22 AM, said:
require cookies and do solution 1. I believe there is a way, using javascript, to tell if cookies are enabled. if they are not, display a message that they are required for moving between applications.
Any other security risks of using cookie?
regards,
George
Thanks Adamus,
General Adamus, on 5 Feb, 2009 - 07:31 PM, said:
Encrypt the login and pass it in a query string.
Adamus
Adamus
Do you mean passing query string in URL, like http://somedomain.co....aspx?blablabla
If yes, I doubt whether expose information in URL has potential security risks? Are there any other ways not to expose information in URL?
regards,
George
whether you use cookies or query string, you should encrypt the data if it's sensitive.
Was This Post Helpful?
0
#7
George2
- D.I.C Head
Reputation: 1
- Posts: 83
- Joined: 14-December 08
Re: how to send user ID across differnet application in ASP.Net?
Posted 08 February 2009 - 05:02 AM
Thanks General Adamus!
When the user clicks the URL, browser will go the the URL directly. Any chance for us to encrypt userID and pass it in a query string before browser goes to the URL?
regards,
George
Thanks eclipsed4utoo,
I am not very experienced with cookie security. Two more questions,
1.
How to encrypt cookie data? Some manual way or ASP.Net has built-in support?
2.
If there is ASP.Net built-in encryption solution for cookie, how strong is the cookie encryption solution in ASP.Net?
whether you use cookies or query string, you should encrypt the data if it's sensitive.
regards,
George
General Adamus, on 7 Feb, 2009 - 07:43 AM, said:
George,
"Encrypt" the UserID and pass it in a query string. "Decrypt" Request.QueryString("UID")
This is a standard traditional aproach.
"Encrypt" the UserID and pass it in a query string. "Decrypt" Request.QueryString("UID")
This is a standard traditional aproach.
When the user clicks the URL, browser will go the the URL directly. Any chance for us to encrypt userID and pass it in a query string before browser goes to the URL?
regards,
George
Thanks eclipsed4utoo,
I am not very experienced with cookie security. Two more questions,
1.
How to encrypt cookie data? Some manual way or ASP.Net has built-in support?
2.
If there is ASP.Net built-in encryption solution for cookie, how strong is the cookie encryption solution in ASP.Net?
eclipsed4utoo, on 7 Feb, 2009 - 03:44 PM, said:
George2, on 7 Feb, 2009 - 08:49 AM, said:
Thanks eclipsed4utoo,
Any other security risks of using cookie?
regards,
George
Thanks Adamus,
Do you mean passing query string in URL, like http://somedomain.co....aspx?blablabla
If yes, I doubt whether expose information in URL has potential security risks? Are there any other ways not to expose information in URL?
regards,
George
eclipsed4utoo, on 5 Feb, 2009 - 06:22 AM, said:
require cookies and do solution 1. I believe there is a way, using javascript, to tell if cookies are enabled. if they are not, display a message that they are required for moving between applications.
Any other security risks of using cookie?
regards,
George
Thanks Adamus,
General Adamus, on 5 Feb, 2009 - 07:31 PM, said:
Encrypt the login and pass it in a query string.
Adamus
Adamus
Do you mean passing query string in URL, like http://somedomain.co....aspx?blablabla
If yes, I doubt whether expose information in URL has potential security risks? Are there any other ways not to expose information in URL?
regards,
George
whether you use cookies or query string, you should encrypt the data if it's sensitive.
regards,
George
Was This Post Helpful?
0
Page 1 of 1
|
|
| 