The Story:
Our organization purchased an AMS (association management system) then hired me to maintain & redesign their website. The AMS system is based on .NET and is basically a retro-fitted shopping cart to manage our massive membership info.
Our website runs on a linux/apache box with over +30,000 static HTM, HTML pages and a small mix of ASP, PHP, & perl scripts. I'm planning on purchasing or writing a CMS for handling all the info.
The Problem:
Our members need to log in to our website to view "members-only" information. This is presently handled by .htaccess, perl scripts, and a weekly database dump. Not elegant, but effective.
With the new AMS system all membership info is stored in a SQL Server database and must be retrieved by using their API library & writing .NET modules.
The Question:
How can I authenticate whether a person is a member on our linux server when all the info is now going to be only accessible through the other server's API & .NET sessions? Note: the AMS software does not use LDAP. i can add pages & webparts to the system but i can't just go and re-rewrite this million dollar program!
well if you have any ideas or suggestions i'd really like to hear them. oh, and yes, i've already started drinking heavily ;)
-IPfreely
If you can do that reasonably easily, then it shouldn't be too difficult to write a simple web service on the .net box that uses the AMS API to do a quick authentication test and return a YES/NO result.
If you're stuck with .htaccess then you have a more interesting problem on your hands. LDAP is a pretty straightforward protocol, so you could investigate writing an LDAP server for the .net box that talks to the user database through the AMS API.
How easy this is I think depends on how easily you could move the content on your Linux server from being protected by .htaccess to be protected by a login / cookie mechanism.
changing .htaccess to login/cookie on our Linux server won't be too difficult - just time consuming. i was planning on converting all the pages to .PHP because it's the language i'm most comfortable with. i am unfamiliar with writing web services though.
If you can do that reasonably easily, then it shouldn't be too difficult to write a simple web service on the .net box that uses the AMS API to do a quick authentication test and return a YES/NO result.
can you start a .NET session by calling a web service from another server?
the method recommended to me by the authors of the AMS software was: when the user wants to view 'member-only' content to send the user from the Linux server to the .NET server & have the user log in (this starts the .NET session) then redirect them back to the Linux box with a cookie that contains their privileges. this seems a bit convoluted to me. i just don't know much about the capabilities of web services.
LDAP is a pretty straightforward protocol, so you could investigate writing an LDAP server for the .net box that talks to the user database through the AMS API.
interesting concept but i really don't know much about LDAP. i mean i get the underlying principle, but not how to implement it.
do you think the web service route would be easiest? i have a deadline making this all work by august.. <eek>
thanks so much for reading this,
IPfreely
the method recommended to me by the authors of the AMS software was: when the user wants to view 'member-only' content to send the user from the Linux server to the .NET server & have the user log in (this starts the .NET session) then redirect them back to the Linux box with a cookie that contains their privileges. this seems a bit convoluted to me.
Actually, this sounds reasonable, and should be straightforward provided that the Linux server and AMS server are on the same domain, for example:
www.yourdomain.com (the AMS server)
www2.yourdomain.com (your content server)
What the company is suggesting you do is write a custom script (as you've said you can do) that resides in the protected realm of the AMS server, meaning that a visitor has to log in before they can access it.
All that script has to do is set a cookie and then redirect them to the content server.
Then, you can alter .htaccess on your content server to restrict access based on the existence of the cookie rather than using authentication. An example .htaccess might look as follows:
RewriteEngine on
# Apply the rule below only when the Cookie header lacks access=granted
RewriteCond %{HTTP_COOKIE} !^.*access=granted.*$
RewriteRule .*$ [www2.yourdomain.com...]

I know this sounds a bit complicated, but what your supplier is recommending does look like the easiest way to go about it. Your problem is solved by a 2 line ASP script on the AMS server, and a slight modification to .htaccess on your content server.
would it require a perl script or do you know if apache/linux systems have a method that can be customized to determine access based on info stored in the cookie? (or is it the same thing;))
thanks again!
IPfreely
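
Added example, not part of any post in this thread: one way the Linux content server could decide access from information stored in the cookie, as asked in the last post. A browser can send any cookie value it likes, so here the login-side script signs the member's privileges and an expiry with an HMAC, and the content server verifies both before serving a page. The shared secret, the cookie name "access", the token layout and all function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumptions: a secret known to both
// servers, a cookie named "access", and the token layout "payload.signature".
const SHARED_SECRET = 'replace-with-a-long-random-secret'; // placeholder value

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Issuer side: stands in for the script behind the AMS login (hypothetical).
function issue_token(string $memberId, array $privileges, int $ttl, int $now): string {
    $payload = b64url(json_encode(
        ['sub' => $memberId, 'priv' => $privileges, 'exp' => $now + $ttl]
    ));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, SHARED_SECRET, true));
}

// Content-server side: returns the claims, or null when the token is
// malformed, altered, or expired. The signature is checked before parsing.
function verify_token(string $token, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $signature] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, SHARED_SECRET, true));
    if (!hash_equals($expected, $signature)) { // constant-time comparison
        return null;
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] < $now) {
        return null;
    }
    return $claims;
}

// Constructed sample run with a fixed clock so the output is repeatable.
$now   = 1700000000;
$token = issue_token('member-1001', ['members-only'], 3600, $now);
$cases = [
    'fresh token'        => [$token, $now + 60],
    'expired token'      => [$token, $now + 7200],
    'fixed-value cookie' => ['granted', $now],
    'altered payload'    => ['x' . $token, $now],
];
foreach ($cases as $label => [$value, $clock]) {
    echo $label, ': ', verify_token($value, $clock) ? 'allow' : 'deny', PHP_EOL;
}
```

On a live page the call would be verify_token($_COOKIE['access'] ?? '', time()) before any members-only content is sent, with the cookie set for the parent domain that both hosts share.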