How would you face this problem?

Hi,

I have an online application (written in .asp) that requires a login to be
accessed and used. I have a login.asp page that asks for username and
password, looks up in a MS SQL db if a combination of those
username/password is available and, if so, sets a session variable and goes
to home.asp (this page checks if the session variable has been set, and if
not, redirects to login.asp). That's the usual method in .asp to make
password-protected pages. This way, the SQL database contains all usernames
and passwords.

Now I have a company that wants to use my application (hosted on my server)
but does not want their users to make a double login, I mean one login to
their network and one login to my application. They want a way so that my
application recognizes their users and logins automatically; in a few words,
their users should be allowed to go directly to home.asp without first
stepping to login.asp.

They are using a Windows network, so I looked into using Active Directory
(LDAP) integration in .asp pages but:

1) Can you tell me a source where I can find simple integration information?
I found a lot of information, but nothing is very simple

2) Since my application is hosted on my server (on-line and outside their
network), I don't think I'll be able to use AD integration, because I think
they should be in the same domain

So, my final question is: how would you approach such a problem? Googling on
the net I also found this page
http://www.google.com/a/help/intl/en/admins/editions.html where Google
offers a single sign-on to their application via API. I think they don't use
AD integration, but they achieve exactly what I need (a single sign-on). So,
how can Google do such a thing? What approach are they using? I can develop
a login API for my application too.

Thank you.

Re: How would you face this problem?

You could remove the login, and in IIS restrict use by ip address


"MarcoG" wrote in message
news:45e2e750$0$4794$4fafbaef@reader4.news.tin.it...
> Hi,
>
> I have an online application (written in .asp) that requires a login to be
> accessed and used. I have a login.asp page that asks for username and
> password, looks up in a MS SQL db if a combination of those
> username/password is available and, if so, sets a session variable and
> goes
> to home.asp (this page checks if the session variable has been set, and if
> not, redirects to login.asp). That's the usual method in .asp to make
> password-protected pages. This way, the SQL database contains all
> usernames
> and passwords.
>
> Now I have a company that wants to use my application (hosted on my
> server)
> but does not want their users to make a double login, I mean one login to
> their network and one login to my application. They want a way so that my
> application recognizes their users and logins automatically; in a few
> words,
> their users should be allowed to go directly to home.asp without first
> stepping to login.asp.
>
> They are using a Windows network, so I looked into using Active Directory
> (LDAP) integration in .asp pages but:
>
> 1) Can you tell me a source where I can find simple integration
> information?
> I found a lot of information, but nothing is very simple
>
> 2) Since my application is hosted on my server (on-line and outside their
> network), I don't think I'll be able to use AD integration, because I
> think
> they should be in the same domain
>
> So, my final question is: how would you approach such a problem? Googling
> on
> the net I also found this page
> http://www.google.com/a/help/intl/en/admins/editions.html where Google
> offers a single sign-on to their application via API. I think they don't
> use
> AD integration, but they achieve exactly what I need (a single sign-on).
> So,
> how can Google do such a thing? What approach are they using? I can
> develop
> a login API for my application too.
>
> Thank you.
>
>

Re: How would you face this problem?

"ThatsIT.net.au" ha scritto nel messaggio
news:09D992DE-C654-4EE7-9152-24238D6E03FF@microsoft.com...
> You could remove the login, and in IIS restrict use by ip address

Thanks, but employees may not have fixed IPs

Re: How would you face this problem?

perhaps a web service or use of something like passport...


"MarcoG" wrote in message news:45e2e750$0$4794$4fafbaef@reader4.news.tin.it...
> Hi,
>
> I have an online application (written in .asp) that requires a login to be
> accessed and used. I have a login.asp page that asks for username and
> password, looks up in a MS SQL db if a combination of those
> username/password is available and, if so, sets a session variable and goes
> to home.asp (this page checks if the session variable has been set, and if
> not, redirects to login.asp). That's the usual method in .asp to make
> password-protected pages. This way, the SQL database contains all usernames
> and passwords.
>
> Now I have a company that wants to use my application (hosted on my server)
> but does not want their users to make a double login, I mean one login to
> their network and one login to my application. They want a way so that my
> application recognizes their users and logins automatically; in a few words,
> their users should be allowed to go directly to home.asp without first
> stepping to login.asp.
>
> They are using a Windows network, so I looked into using Active Directory
> (LDAP) integration in .asp pages but:
>
> 1) Can you tell me a source where I can find simple integration information?
> I found a lot of information, but nothing is very simple
>
> 2) Since my application is hosted on my server (on-line and outside their
> network), I don't think I'll be able to use AD integration, because I think
> they should be in the same domain
>
> So, my final question is: how would you approach such a problem? Googling on
> the net I also found this page
> http://www.google.com/a/help/intl/en/admins/editions.html where Google
> offers a single sign-on to their application via API. I think they don't use
> AD integration, but they achieve exactly what I need (a single sign-on). So,
> how can Google do such a thing? What approach are they using? I can develop
> a login API for my application too.
>
> Thank you.
>
>

Re: How would you face this problem?

"Jon Paal [MSMD]" ha scritto nel
messaggio news:12u8lb9i2lqhe08@corp.supernews.com...
> perhaps a web service or use of something like passport...

Exactly, I was thinking something like that... But where can I find more
information?
Thanks.