ASP.NET /Classic ASP Security Mix

[Guest]

Hi all, is there a recommended approach to integrate ASP.NET security features in a classic ASP app? My general idea is to create a front end sign in process to authenticate the user and issue an authentication ticket that the ASP pages could somehow use to identify the user. Has someone already solved this?

Thanks

 

[Raterus]

I've done this before, basically I created a cookie where I stored the username and a md5 hash of the username & a shared key. Then when my asp pages get presented with this cookie, I recreate a test hash based on the username/key, and that better match up to the hash created in the cookie!

This kind of authentication can work both ways too, I'm in the slow process of converting an asp website into asp.net, the asp login page still exists. So when they login with that, I set up this secure cookie, then on the first request of the asp.net page, I authenticate the client with this cookie, and then set up a formsauthenticationticket, and use that for all future requests. Works great!

--Michael