Maybe I'm way off base trying to authenticate the user and start the session via webservice. If the SSL is enough with an encrypted url var that would make my life alot easier!
I'm open to any ideas! Greg On 9/20/06, Greg Luce <[EMAIL PROTECTED]> wrote: > > OK, are you saying just sending their credentials via url over SSL is > best? > > > On 9/20/06, Jim <[EMAIL PROTECTED] > wrote: > > > > 1) an idea: > > > > they send their credentials to you ws > > > > if okay, you generate a really long (say, 256 characters) random string > > > > you update their user record, and put that string into a field e.g. > > authkey > > > > you send that string back to them > > > > they then send that string to the report for auth, which checks the db > > for that string > > > > > > 2) SSL is probably way, way better! > > > > > > > > Greg Luce wrote: > > > OK, this has kicked my butt for 2 days now. I have a CF application > > (SSL) > > > with a certain report a client wants to serve up inside their C#.NET > > app > > > frameset. They have credentials they can provide. I've been trying to > > use a > > > webservice to authenticate these credentials (username/pw) and if good > > > create a bunch of session variables as if they were logging in > > manually. I > > > was hoping to then return a CFID and CFToken or jsessionid to the > > consumer > > > and they could use that in their frameset call of the report and they > > would > > > "join" that session. Currently I can create the session via the ws and > > send > > > back the structcount() of the session. But there don't seem to be cfid > > and > > > cftokens defined nor jsessionid. > > > > > > So, is what I'm attempting impossible, possible using some other > > technique, > > > or just stoopid? > > > > > > Maybe I'm making this too hard. Is there any problem just having the > > users > > > pass their credentials (encrypted with today's julian date as key) to > > the > > > report via the url over SSL? > > > > > > Thanks for any ideas to help me beat this thing. I know the first step > > is to > > > admit I have a problem and that I'm powerless over it! ;-) > > > > > > Greg > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:253646 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
