New topic: Securely Passing a User from External Website to RS Web App
<http://forums.realsoftware.com/viewtopic.php?t=45938> Page 1 of 1 [ 4 posts ] Previous topic | Next topic Author Message xbww Post subject: Securely Passing a User from External Website to RS Web AppPosted: Thu Nov 15, 2012 3:05 pm Joined: Wed Oct 12, 2005 5:30 pm Posts: 100 Location: Bryan, Texas We have a Real Studio Web App that requires a user to login. Our customer already has a website with a login. Once the user logs in to their site, they want a button or link to click that passes the user to our website transparently. I am assuming that we need some sort of token or other means to identify the logged in user account. Our main concern is that we do this securely. The other website seems to be asp.net. We do not have control of the other site, but we want to be able to offer suggestions as to the best way to do this. Any ideas would be appreciated! Thanks, Brandon Top Akiland Post subject: Re: Securely Passing a User from External Website to RS Web Posted: Thu Nov 15, 2012 3:35 pm Joined: Tue Jan 04, 2011 3:02 am Posts: 1008 Location: Jönköping, Sweden You can use Session.URLParameter and pass some login information in an encrypted format to your web app. When your web app receives the parameters they are decrypted and used for the automatic login. Make sure you use a strong encryption though. Something like AES-256 with a key that only the sending and receiving app knows. _________________ http://www.linkedin.com/in/albinkiland Dev. iMac 27" + 2x22" LG (2.8GHz Intel Core i7, 12GB RAM, 120GB SSD) OS X 10.8 REAL.Studio Web Edition 2011r3 Top timhare Post subject: Re: Securely Passing a User from External Website to RS Web Posted: Thu Nov 15, 2012 4:16 pm Joined: Fri Jan 06, 2006 3:21 pm Posts: 11808 Location: Portland, OR USA Use a secure server and HTTPS. Top xbww Post subject: Re: Securely Passing a User from External Website to RS WebPosted: Thu Nov 15, 2012 8:22 pm Joined: Wed Oct 12, 2005 5:30 pm Posts: 100 Location: Bryan, Texas Akiland wrote:You can use Session.URLParameter and pass some login information in an encrypted format to your web app. When your web app receives the parameters they are decrypted and used for the automatic login. Make sure you use a strong encryption though. Something like AES-256 with a key that only the sending and receiving app knows. Thank you for your suggestion. I assumed that passing a URLParameter would not be safe since it could be replayed. Is that not true? Top Display posts from previous: All posts1 day7 days2 weeks1 month3 months6 months1 year Sort by AuthorPost timeSubject AscendingDescending Page 1 of 1 [ 4 posts ]
-- Over 1500 classes with 29000 functions in one REALbasic plug-in collection. The Monkeybread Software Realbasic Plugin v9.3. http://www.monkeybreadsoftware.de/realbasic/plugins.shtml [email protected]
