modify security to allow third party security

Topics: ASP.NET 2.0
Nov 17, 2009 at 8:09 PM

I'm very new to blogengine.net and was wondering if there was a way to modify the security so that it would take a user's logged in credentials from another web form.  Not Active Directory though....basically on all of our websites, we have a login page and that login page handles security for all of the applications that we have.....I was wondering if there was a way to incorporate that security funtionality into blogengine so I wouldn't have to create 10, 000 user names and passwords....any help would be appreciated....

 

Thanks,

Coordinator
Nov 18, 2009 at 2:40 AM

If blogengine runs in the same domain with other apps and share same machine key in web.config, they all will be using same authentication token. That means blogengine will recognize users logged through other application as authenticated. You only need to sync roles, so that admin in one app means the same as admin in another. Take a look here.

 

Nov 18, 2009 at 1:04 PM

Not sure if that will work for me......basically...we have an HR login that all of us use and what I want to do is modify the code to use the current logged in users information instead of having to create a user name....maybe I'm not explaining it right....

Coordinator
Nov 19, 2009 at 6:56 AM

Is the HR login an ASP.NET based application?  Is the HR application and BE running on the same web server?  I'm guessing when you login on the HR side, an encrypted cookie is placed on the computer.

Depending on if BE is running on the same server (and maybe within the same Web Site) as the HR application, if you assign both applications the same machineKey (like rtur explains in his post), you *might* be able to read that login cookie from BE.

Another possibility with a different approach might be to build a simple page or function within BE that would make a call back to the HR application to determine if the current user in BE is logged in in the HR application.  This might not be very easily accomplished, but seems theoretically possible.