current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 1 down vote favorite

I have a winforms application which calls web services and then based on the results fires up an ASP.NET webpage.

The ASP.NET webpage and web services are protected by a custom membership provider. At present the user has to log in to their winforms app and then also into the asp.net webpage. Is there a way to only have to log in to the winforms app and somehow share whatever authentication state exists with the ASP.NET webpage?

I've seen http://msdn.microsoft.com/en-us/library/vstudio/eb0zx8fc(v=vs.85).aspx - however it seems to be more aimed at sharing authentication between server applications, not two client applications.

share|improve this question
    
Can you elaborate on the mechanism that WinForms uses for authentication. –  0leg Jun 12 at 13:58
    
Its authenticating against a webservice using Forms authentication, this grants access to the other webservices –  Rob Rob Jun 13 at 11:25
    
Most likely the WinForms app just sends the credentials to the web services as a part of the request. Chances are the credentials are temporarily stored in the app and sent with all other web service requests, because web services do not typically support a notion of an authentication state. I doubt there is much you can do here aside from passing the credentials when you launch the browser to the ASP.NET page, but it would be very unsafe. Since this all seems like an internal system, why don't you switch to integrated authentication? –  0leg Jun 13 at 16:19

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.