I'm doing that right now, in the opposite direction. Our users are validated and granted access in our .asp shop, and we have to allow entry to the coldfusion parts of the site if they have access to the .asp parts.
What we're doing is this, and something similar will probably work for you in reverse: The user gets validated at the shop, and then is diverted by the shop to the main content part of the site (also .asp based) where it sets up .asp session variables. So we're adding a line in the .asp code to divert them instead to a coldfusion page which only sets up client vars in CF, then passes them on to wherever they were being sent by the .asp shop. Later when they come to the coldfusion part of the site, there is already a CF session going and they can be validated that way. This means the user has 3 sessions - one at the shop where they buy access (or provide login details), one in the .asp content part, and one in the coldfusion part. This isn't code you can use, but perhaps it'll help you figure out how to do it. We looked at ways to store the .asp session vars in the database or making the user provide login details again or maybe just biting the bullet and making all the coldfusion part of the site open and free to everyone. In the end we figured all we needed to know at the coldfusion stage was whether the user was allowed access. We didn't need to know their name and other details, for this application, so we just look for a single digit in the url when the user is diverted to the coldfusion part, plus a little error checking to make sure someone can't spoof that url and that's all we need in a few lines of code that adds only milliseconds to the processing of the access control. Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks -----Original Message----- From: Jeff D. Chastain [mailto:[EMAIL PROTECTED]] Sent: Thursday, 5 September 2002 12:32 AM To: CF-Talk Subject: CF & ASP - Side by Side? I have a large content management system designed in Cold Fusion that implements user security based on an LDAP server and a set of client variables. I am needing to drop an old legacy ASP app in next to it and have the users be able to move seamlessly between the two. The problem is that the ASP app is secured using NT authentication - i.e. CGI.REMOTE_USER. Does anybody know of a way I can easily (without re-writing it) get the ASP application to recognize/read the client login variables from the Cold Fusion app? Thanks -- Jeff ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
