authentication
authentication
- Subject: authentication
- From: Dave Elsner <email@hidden>
- Date: Thu, 21 Oct 2004 17:45:16 +1000
Hi,
I need to write an WO application that authenticates a user using radius and a database at our end, then once I have determined they are a valid user redirect them to another server.
I already have the code which authenticates at my end, and a .NET page has been created by a 3rd party to accept connections only from only my servers IP address. We generate a random key and send that key to the .NET application which checks if the key is valid if so logs the user in automatically to their web application.
Q1. Currently I'm using the following code to log on
aResponse.setStatus(302);
aResponse.setHeader("http://somedomian/logontest.asp?username="+ userName +"&Key=" + key, "location");
How can I send the username and key in a get/post so the query string isn't ever visible (although it currently isn't as
logontest.asp Automatically redirects the user before they ever get to see the URL)
Q2. Is this a secure way to do this? or is there a better way? Only medium level security is needed its not for any credit cards, or personal information etc
Cheers
Dave
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden