How would you face this problem?

Hi,

I have an online application (written in .asp) that requires a login to be
accessed and used. I have a login.asp page that asks for username and
password, looks up in a MS SQL db if a combination of those
username/password is available and, if so, sets a session variable and goes
to home.asp (this page checks if the session variable has been set, and if
not, redirects to login.asp). That's the usual method in .asp to make
password-protected pages. This way, the SQL database contains all usernames
and passwords.

Now I have a company that wants to use my application (hosted on my server)
but does not want their users to make a double login, I mean one login to
their network and one login to my application. They want a way so that my
application recognizes their users and logins automatically; in a few words,
their users should be allowed to go directly to home.asp without first
stepping to login.asp.

They are using a Windows network, so I looked into using Active Directory
(LDAP) integration in .asp pages but:

1) Can you tell me a source where I can find simple integration information?
I found a lot of information, but nothing is very simple

2) Since my application is hosted on my server (on-line and outside their
network), I don't think I'll be able to use AD integration, because I think
they should be in the same domain

So, my final question is: how would you approach such a problem? Googling on
the net I also found this page
http://www.google.com/a/help/intl/en/admins/editions.html where Google
offers a single sign-on to their application via API. I think they don't use
AD integration, but they achieve exactly what I need (a single sign-on). So,
how can Google do such a thing? What approach are they using? I can develop
a login API for my application too.

Thank you.

Re: How would you face this problem?

"MarcG" wrote in message
news:45e2eb27$0$4792$4fafbaef@reader4.news.tin.it...
> Hi,
>
> I have an online application (written in .asp) that requires a login to be
> accessed and used. I have a login.asp page that asks for username and
> password, looks up in a MS SQL db if a combination of those
> username/password is available and, if so, sets a session variable and
goes
> to home.asp (this page checks if the session variable has been set, and if
> not, redirects to login.asp). That's the usual method in .asp to make
> password-protected pages. This way, the SQL database contains all
usernames
> and passwords.
>
> Now I have a company that wants to use my application (hosted on my
server)
> but does not want their users to make a double login, I mean one login to
> their network and one login to my application. They want a way so that my
> application recognizes their users and logins automatically; in a few
words,
> their users should be allowed to go directly to home.asp without first
> stepping to login.asp.

[snip]

Can't you just test the domain or IP address of the visitor?

Re: How would you face this problem?

"McKirahan" wrote in message
news:F9SdnVoVh_W3YH_YnZ2dnUVZ_ruknZ2d@comcast.com...
> "MarcG" wrote in message
> news:45e2eb27$0$4792$4fafbaef@reader4.news.tin.it...
> > Hi,
> >
> > I have an online application (written in .asp) that requires a login to
be
> > accessed and used. I have a login.asp page that asks for username and
> > password, looks up in a MS SQL db if a combination of those
> > username/password is available and, if so, sets a session variable and
> goes
> > to home.asp (this page checks if the session variable has been set, and
if
> > not, redirects to login.asp). That's the usual method in .asp to make
> > password-protected pages. This way, the SQL database contains all
> usernames
> > and passwords.
> >
> > Now I have a company that wants to use my application (hosted on my
> server)
> > but does not want their users to make a double login, I mean one login
to
> > their network and one login to my application. They want a way so that
my
> > application recognizes their users and logins automatically; in a few
> words,
> > their users should be allowed to go directly to home.asp without first
> > stepping to login.asp.
>
> [snip]
>
> Can't you just test the domain or IP address of the visitor?

Or have them log on once and set a cookie?

Re: How would you face this problem?

"McKirahan" ha scritto nel messaggio
news:OradnXe6yvp9YH_YnZ2dnUVZ_sCinZ2d@comcast.com...
>> Can't you just test the domain or IP address of the visitor?

No, I need to know who the visitor is (First Name, Last Name, etc.). When
employees arrive at work, they need to login to their netword (via Active
Directory). The company wants they can use our application without the need
to login again. When they use our application, we need to know who they are
(First Name, Last Name, etc.)

> Or have them log on once and set a cookie?

We need them to login once, but where we set the cookie? They login once to
their network, not to our webpage.

Thanks.

Re: How would you face this problem?

"MarcG" wrote in message
news:45e31b77$0$4792$4fafbaef@reader4.news.tin.it...
> "McKirahan" ha scritto nel messaggio
> news:OradnXe6yvp9YH_YnZ2dnUVZ_sCinZ2d@comcast.com...
> >> Can't you just test the domain or IP address of the visitor?
>
> No, I need to know who the visitor is (First Name, Last Name, etc.). When
> employees arrive at work, they need to login to their netword (via Active
> Directory). The company wants they can use our application without the
need
> to login again. When they use our application, we need to know who they
are
> (First Name, Last Name, etc.)
>
> > Or have them log on once and set a cookie?
>
> We need them to login once, but where we set the cookie? They login once
to
> their network, not to our webpage.

Have them login once to your Web page then save their information to a
cookie and have subsequent accesses check for the cookie to bypass logins.

Re: How would you face this problem?

"MarcG" wrote in message
news:45e2eb27$0$4792$4fafbaef@reader4.news.tin.it...
> Now I have a company that wants to use my application (hosted on my server)
> but does not want their users to make a double login, I mean one login to
> their network and one login to my application. They want a way so that my
> application recognizes their users and logins automatically; in a few words,
> their users should be allowed to go directly to home.asp without first
> stepping to login.asp.

There is no way that your server is going to be "aware" of their usernames from
their AD Domain.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.
-----------------------------------------------------

Re: How would you face this problem?

"Phillip Windell" <@.> ha scritto nel messaggio
news:udtQ$5dWHHA.528@TK2MSFTNGP03.phx.gbl...
> There is no way that your server is going to be "aware" of their usernames
> from their AD Domain.

That's what Google does (see my link). How they can do it?

Re: How would you face this problem?

"McKirahan" ha scritto nel messaggio
> Have them login once to your Web page then save their information to a
> cookie and have subsequent accesses check for the cookie to bypass logins.

They don't want to login to our webpage, that's what they want to avoid. I
know there are some sites that behave this way (e.g. Google, MS Passport,
etc.)

Re: How would you face this problem?

> That's what Google does (see my link). How they can do it?

Also MS Passport does it...

Re: How would you face this problem?

What they call "single sign on" can mean anything.
I don't know what Google is doing.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.
-----------------------------------------------------

"MarcG" wrote in message
news:45e34814$0$10622$4fafbaef@reader2.news.tin.it...
> "Phillip Windell" <@.> ha scritto nel messaggio
> news:udtQ$5dWHHA.528@TK2MSFTNGP03.phx.gbl...
>> There is no way that your server is going to be "aware" of their usernames
>> from their AD Domain.
>
> That's what Google does (see my link). How they can do it?
>
>

Re: How would you face this problem?

"MarcG" wrote in message
news:45e34867$0$10624$4fafbaef@reader2.news.tin.it...
>> That's what Google does (see my link). How they can do it?
>
> Also MS Passport does it...

It works by cookies, not by Domain login. MS Passport does not have any idea
what goes on in my Domain,...it does not query my domain controller to
authenticate users,...it is not even capable of reaching my domain controller.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.
-----------------------------------------------------

Re: How would you face this problem?

"Phillip Windell" <@.> ha scritto nel messaggio
news:%23aDcD1eWHHA.996@TK2MSFTNGP02.phx.gbl...
> It works by cookies, not by Domain login.

Yes, it does not work with Domain login, but it does not work with cookies
too. Two different websites cannot exchange cookies. When I login into
Passport, all websites that work with Passport technology can know my
details. So, there should be a method to pass this information from Passport
to each website, not via cookies or sessions.

Re: How would you face this problem?

With Passport, you have to login at least once at the passport protected
site, and then your login is saved in a cookie. Even then, if you go to a
different passport protected site than the one you were previously logged
into, you usually have to log in again.


Bob Lehmann

"MarcG" wrote in message
news:45e35e42$0$809$4fafbaef@reader5.news.tin.it...
> "Phillip Windell" <@.> ha scritto nel messaggio
> news:%23aDcD1eWHHA.996@TK2MSFTNGP02.phx.gbl...
> > It works by cookies, not by Domain login.
>
> Yes, it does not work with Domain login, but it does not work with cookies
> too. Two different websites cannot exchange cookies. When I login into
> Passport, all websites that work with Passport technology can know my
> details. So, there should be a method to pass this information from
Passport
> to each website, not via cookies or sessions.
>
>

Re: How would you face this problem?

"Bob Lehmann" ha scritto nel messaggio
news:uWEB2bgWHHA.4796@TK2MSFTNGP05.phx.gbl...
> With Passport, you have to login at least once at the passport protected
> site, and then your login is saved in a cookie. Even then, if you go to a
> different passport protected site than the one you were previously logged
> into, you usually have to log in again.

I went to a site and tried to login: it sent me to Passport's website where
I logged in and then was redirected back to the original website. As far as
I know, I cannot create a cookie (on Passport's website) that can be "seen"
by other websites (original website).