authenticate user from Java Application

[DotNetGnat]

Guys,

I have an asp.net application that uses forms authetication and AspNetSqlMembershipProviderRelaxed provider. No problems with this application.

I have another application...its a J2EE application...I have a link on one of the Jsp pages that opens a new window and tries to show one of the pages of the asp.net application...

But since this page is protected, I am trying to first authenticate the user so that the page can be displayed instead of redirecting the user to the login page...

The user name and password are same for both the applications...

any suggestions on how to authenticate the user first and open the desired page...

thanks in advance...

-DNG

 

[jmeckley]

this is probably similar to authenticating users between asp and asp.net applications. This scenario was very common when .net was first introduced. I'm not aware of anything special between asp and asp.net so google for asp to asp.net authentication and port the code to interact with your java credentials.

Jason Meckley
Programmer
Specialty Bakers, Inc.

faq855-7190

 

[DotNetGnat]

Jason,

Thanks for your input...I put a form with hidden fields on the JSP page that when submitted go the unprotected asp.net page and I tried something like this below in the page_load...

Dim uname As String = Request.Form("uname")
Dim upwd As String = Request.Form("upwd")

If Membership.ValidateUser(uname, upwd) Then
[red]'I am not sure what to do here[/red]
End If

Server.Transfer("desiredpage.aspx")


in the Login1_Authenticate in the login page...i have
e.Authenticated = True


How I can replicate that in the above page...

any suggestions...

-DNG

 

[jmeckley]

i would put the authentication at the request level, not the page level.

you can do this with a http module implementation. something like this

    public class AuthenticationWebModule: IHttpModule
    {
        public void Init(HttpApplication context)
        {
            context.BeginRequest += Authenticate;
        }

        private void Authenticate(object sender, EventArgs e)
        {
            var context = HttpContext.Current;
            if (context.User.Identity.IsAuthenticated) return;

            var userName = context.Request.Params["username"];
            var password = context.Request.Params["password"];
            if (Membership.ValidateUser(userName, password)) return;

            throw new SecurityBreachException(userName + " is not authenticated");
        }

        public void Dispose()
        {
        }
    }

    public class SecurityBreachException : Exception
    {
        public SecurityBreachException()
        {
        }

        public SecurityBreachException(string message) : base(message)
        {
        }

        public SecurityBreachException(string message, Exception innerException) : base(message, innerException)
        {
        }

        protected SecurityBreachException(SerializationInfo info, StreamingContext context) : base(info, context)
        {
        }
    }

register this in the web.config file.

<system.web>
   <httpModules>
      <add name="Authentication" type="Full.Name.Space.AuthenticationWebModule, AssemblyName"/>
   </httpModules>
</system.web>

note: this will execute for every request, so you may need to tweak it.

Jason Meckley
Programmer
Specialty Bakers, Inc.

faq855-7190