Authenticating against NET 2 0 website

Hi all, I have managed to convince a client to go for ColdFusion as a solution amongst different option offered. Problem: the client currently has an existing site but wants a single login for the existing site a .net 2.0 site hosted on iis6.1and SQL 2k server and the CF website hosted on cf8, iis7 on SQL 2008. What do you guys suggest for cross platform authentication? Your suggestions are greatly appreciated. Many thanks, Matt.

Do you have the ability to modify the .Net authentication procedure? If you do, you could move all the session info in to the database and modify the .Net authentication to check your session table before issuing the challenge. If it's the same domain you could store everything in a cookie instead of the database and have both CF and .Net look for the cookie for authentication info as well. Hi all, I have managed to convince a client to go for ColdFusion as a solution amongst different option offered. Problem: the client currently has an existing site but wants a single login for the existing site a .net 2.0 site hosted on iis6.1and SQL 2k server and the CF website hosted on cf8, iis7 on SQL 2008. What do you guys suggest for cross platform authentication? Your suggestions are greatly appreciated. Many thanks, Matt.       

Have them both use the same database for user / auth lookups.  That's the simplest, assuming that both servers can access at least one of the SQL Servers.  If that's a challenge, then build a quick webservice to wrap the authentication call, which is a good idea in any case, and then allow both apps to hit that service in order to set sessions.

Thanks Jason, yes I thought of web service too, as I do not have access to the databse shouldn't they be the one creating the web service and I consuming it? Also aren't  webservices easily spoofed? Matt. On 12 Mar 2010, at 16:09, "Jason Fisher" <jason@wanax.com> wrote: Have them both use the same database for user / auth lookups.  That's the simplest, assuming that both servers can access at least one of the SQL Servers.  If that's a challenge, then build a quick webservice to wrap the authentication call, which is a good idea in any case, and then allow both apps to hit that service in order to set sessions.

> Thanks Jason, yes I thought of web service too, as I do not have access to the databse shouldn't they be the one creating the > web service and I consuming it? Yes, they'd have to create that. If they're unwilling to do this, you could probably accomplish what you need by interacting with their login form and action from your own login, via CFHTTP. > Also aren't webservices easily spoofed? No more so than any other HTTP interface, like your application. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite

OK thanks Dave - I'll have to go for webservices. Thanks all.

Actually, if you're just authenticating against the database, then you could create a service easily in CF and then consume it from the .NET side.  At that point, you wouldn't even need the database side to be involved. > Thanks Jason, yes I thought of web service too, as I do not have access to the databse shouldn't they be the one creating the > web service and I consuming it? Yes, they'd have to create that. If they're unwilling to do this, you could probably accomplish what you need by interacting with their login form and action from your own login, via CFHTTP. > Also aren't?webservices easily spoofed? No more so than any other HTTP interface, like your application. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite