Mike Kear wrote: > Sorry if I'm asking really basic questions here, but I'm dealing with a > programmer who is on sabbatical in Poland, and is doing the work in his > spare time there, (so I can't talk to him on the phone) and he loves to > blind people with jargon. So he'll give me gobbledegook and I'll have to > decipher it. He wont change anything on his side of the site, I'll have to > do all the adjusting to fit what he's doing. That's how it is. > > Anyway ... are "Basic Authentication" and "Digest Authentication" the > terms the .aspx programmer will know it by?
He should know the terms, they are straight from the RFC on HTTP authentication (2617). > And to hand back to the .aspx site a user who's still showing as > authenticated, all I have to do is use <cfheader to include whatever headers > were included with the .aspx page that the user came over with. Is that > right? The idea is that after being initially challenged the browser will automatically include credentials with every request to documents on the same level or lower in the directory structure of the site. If you use Digest authentication, you can even designate other sites (by name) that should be authenticated with the same credentials. So you don't start a session on both the .aspx and the .cfm side when the user logs in, you just start it on one side. And whenever the user hits a page in the other language, credentials are included so you can start a session on that moment. cflogin can work automatically with HTTP authentication. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
