Burjua

Reputation: 12726

How to use ASP classic authentication with ASP.NET?

I have a web application which is implemented in ASP classic. Now we want to move to ASP.NET but as the application is quite big we can't migrate at once. Instead we decided to move there gradually adding and replacing ASP.NET bits.

I know that it is possible to use ASP.NET authentication with ASP classic as described here: http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp-and-non-asp-net-urls.aspx

What I need is exactly the opposite. Is there a way to secure ASP.NET pages using our ASP classic authentication system? If there is no standard way to do it, how would you implement such a thing?

Thanks

Upvotes: 0

Views: 954

Answers (1)

Michiel van Oosterhout

Reputation: 23084

If you can encrypt a valid ticket in your Classic ASP code in such a way that the ASP.NET FormsAuthentication module can decrypt it, then a user with such a ticket (stored in a cookie or in the URL) will be considered authenticated in the ASP.NET request pipeline.

Here is the documentation on how to manually encrypt using the static FormsAuthentication.Encrypt method:

http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.encrypt.aspx

This illustrates that the ticket is really nothing special, basically the user name, expiration date. Note that you also store some extra user data in the ticket.

Of course, that still doesn't give us the actual encryption algorithm. This depends on the configuration in web.config, specifically the <machineKey>-element. You should explicitly set the decryptionKey attribute, because you need to use the same key in your Classic ASP code.

MSDN: machineKey element

And you should also set the decryption attribute so that you can use the same algorithm in your Classic ASP code (like DES for example). If necessary you can create a custom decryption algorithm if you can't support the built-in ones in your Classic ASP code.

You would end up with a configuration like this:

<machineKey decryptionKey="your key here" decryption="DES" />

That is how I would implement it.

Upvotes: 1
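
An added example, not part of the answer above or of the linked documentation: the ASP.NET side of the ticket round trip in C#, usable for checking that a cookie value produced by the Classic ASP code decrypts to the expected user name and expiry under the shared <machineKey>. With the default forms setting protection="All" the ticket is validated as well as encrypted, so the validationKey and validation settings have to match too. The names TicketBridge, Issue and TryRead are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Added example: hypothetical helper, not code from the answer or from MSDN.
public static class TicketBridge
{
    // Builds the ticket the answer describes: user name, expiry and optional
    // user data, then encrypts it with the <machineKey> settings in web.config.
    public static HttpCookie Issue(string userName, string userData, TimeSpan lifetime)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1,                                   // ticket version
            userName,
            now,                                 // issue date
            now.Add(lifetime),                   // expiration
            false,                               // not persistent
            userData ?? string.Empty,
            FormsAuthentication.FormsCookiePath);

        string value = FormsAuthentication.Encrypt(ticket);

        return new HttpCookie(FormsAuthentication.FormsCookieName, value)
        {
            HttpOnly = true,                          // keep it away from script
            Secure = FormsAuthentication.RequireSSL,  // follows <forms requireSSL>
            Path = FormsAuthentication.FormsCookiePath
        };
    }

    // Returns true only for a ticket that decrypts, validates and has not expired.
    // A value made with a different key or algorithm fails here, which is the
    // check to run against cookies generated by the Classic ASP side.
    public static bool TryRead(string cookieValue, out FormsAuthenticationTicket ticket)
    {
        ticket = null;
        if (string.IsNullOrEmpty(cookieValue)) return false;
        try { ticket = FormsAuthentication.Decrypt(cookieValue); }
        catch (ArgumentException) { return false; }       // malformed or failed validation
        catch (CryptographicException) { return false; }  // wrong key or algorithm
        if (ticket == null || ticket.Expired) { ticket = null; return false; }
        return true;
    }
}
```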
