Question

Use ASP.NET forms authentication from Java

1

In our application we want to redirect the user to another expert system. To enter this expert system the user has to authenticate with his credentials. We have all the user information on our end and it seems such a simple thing to achieve. This link: Using Web Services in ASP.NET AJAX gives much info on how to achieve this by using POST or GET. Since GET uses an URL to authenticate this would seem the easy way but also the one with more security risks. The URL can be tampered with. I already started with java code to try to use the POST route but then realized this would never work from the Mendix cloud since this code needs to be executed on the client side and not on the server. What would be the best route to try to achieve the authentication and redirecting to this website? Is it indeed true that the POST route will never work? Or should I create a widget since it seems from this link: Using Forms Authentication with Microsoft Ajax that javascript can be used to authenticate? For time sake we now use the GET route and reset the password after each login to the other website. Not the most elegant way. Anybody a suggestion (or better, did anybody already solved the same problem)? Regards, Ronald

asked 2013-01-10

Ronald Catersels

1 answers

Jonathan Beck · Answer 1 · 2022-11-14

I would like to bump this question. How does one accomplish the following.

Authenticate to a host .net application (or any private auth)
Redirect the user to a Mendix application with authorization provided by host
Authenticate into Mendix without creating a Mendix User (is this possible?)

Some options that spring to mind are

GET Send secure hashed credentials in a url.
- The Mendix app will decode the hashed credentials and redirect the GET request to a authenticated Mendix session
POST the credentials to a Mendix API and get a Mendix session
- Mendix authorizes a specific session
- Mendix API responds with a hash token
- Host app logs into Mendix with provided session ID

The big question here is if I have 1 million users in my host application and I may have upwards of 5,000 Users online at any given moment, how do I create authenticated Mendix App sessions from my host application without creating thousands of Mendix Users?