My customer has an intranet portal and wants to have a button in it such that clicking on it opens the web site and logs the user from the customer intranet in to the site automatically.
The user, on both the intranet and the site, has the same user id (the user id is an email).
We have IP authentication in place: the site knows the IP the intranet site is coming from and authorizes it. Unauthorized IPs are redirected to kick them out.
How can the customer pass the user id (aka the email in this case) from the intranet to the web site in a way that is secure?
Here are my concerns about being secure: a) If the user id is passed as a parameter to the web site (for example, as part of the query string in the URL or as a hidden input field in a form in a POST call), there is a danger of someone in the intranet altering the user id to someone else's user id and entering as them. For example, if I am joe@abc.com, joe@abc.com is passed somehow from the intranet to the site as a parameter. I can make a change from joe@abc.com to dave@abc.com and it will log me in to the site as dave@abc.com.
b) Let's say the user id is encrypted. So joe@abc.com becomes aaabbb000111. If I share the encrypted value with anyone, that person can use the encrypted value and log in as me. Of course, I would have to share the encrypted value with him.
So, do you think there is an elegant way to accomplish passing the user id from the intranet to the external site in a secure way?
The query string can be used to pass information on if secure not that. You can pass it in a cookie, which is easy again; if that isn't an option because the data is sensitive, sessionStorage can store the data temporarily between pages.
Sending it to the server sounds like the best bet: log them in, save their session in a cookie, and redirect them.
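One way to address concerns (a) and (b) from the question when the user id is handed to the server, as an added example that is not part of the original post: the intranet server signs the user id together with an expiry and a one-time nonce, and the external site rejects anything altered, expired or already used. The shared key, the 60-second lifetime and all function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, secrets, time

SHARED_KEY = b"constructed-demo-key"  # assumption: secret known only to the two servers
MAX_AGE = 60                          # assumption: token lifetime in seconds
seen_nonces = {}                      # nonce -> expiry; in-memory store for the demo only

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id, now=None):
    """Intranet server: sign the user id with an expiry and a random nonce."""
    now = time.time() if now is None else now
    payload = json.dumps({"uid": user_id, "exp": int(now) + MAX_AGE,
                          "nonce": secrets.token_hex(16)}).encode()
    tag = hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)

def verify_token(token, now=None):
    """External site: return the user id, or None if the token is rejected."""
    now = time.time() if now is None else now
    try:
        p64, t64 = token.split(".")
        payload, tag = b64d(p64), b64d(t64)
        expected = hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None   # concern (a): the user id or another field was altered
        claims = json.loads(payload)
        uid, exp, nonce = claims["uid"], claims["exp"], claims["nonce"]
    except (ValueError, KeyError, TypeError):
        return None       # malformed token
    if now > exp:
        return None       # too old to accept
    if nonce in seen_nonces:
        return None       # concern (b): a shared or replayed token was already used
    seen_nonces[nonce] = exp
    return uid            # caller now creates the session cookie and redirects
```

A token shared before its first use is still accepted once, so the lifetime should stay short and the token should travel over HTTPS in a POST body rather than in the URL.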