I'm in a situation where I need to auto-auth users between an ASP.NET website and WordPress. The idea is once you're logged into the ASP.NET website and if you browse the WP pages your logged in automagically and vice versa.
In ASP.NET I can auth users against WP database but that's all I can think of, so the question is.
-How to enable this by-directional authentication scheme?
-Zubair
I had a similar problem, where I had an ASP.net application (third party) and a PHP application (built in-house). I have modified the ASP.net application with just a few lines of code, so that it worked like this:
- User logs to the ASP.net application
- The ASP.net application sets a session cookie (this is automatic)
- Modification: the ASP.net adds a row to the database with the session ID (which is in the cookie) and the username
- The PHP application reads the ASP.net session cookie and gets the session ID
- The PHP application searches the DB for the session ID and if it is found, it automatically associates the session with the username found
I also added an expiry time for the sessions, to minimize impersonation possibilies...
There are two different server side scripts and it is hard to create by-directional authentication. Since WP uses cookies, you might try to authenticate users against cookies. creating a mechanism that check if there is valid WP cookies in users machine and then read from cookies to authenticate users.
Send cookies from PHP by SetCookie()
method, then read cookies from ASP.Net by reading cookies collection
(since the name of the cookie changes). then Decode url.. (in ASP.Net you wil get encrypted url. special caharacters are replaced by(#-->%23 , @--->%40 etc..)