Single Point Authentication to multiple sites


Adge
03-17-2001, 07:42 PM
Hi

I have an interesting situation I have been trying to resolve for some time
now with no luck. I wonder if anyone here may be able to help.

I am trying to achieve a single point of authentication for my users.

I have 3 web servers on my site. One is running IIS, one is an AS/400 and
one is a java servlet.

Each has been set up to use Basic Authentication and all is fine and dandy
until a user attempts to jump from one to the other.

Even though usernames and passwords have been set up identically on each
system, the user is prompted for these details if they attempt to access
content on a different machine.

So we have the user Billy on each of the 3 machines with the same password.

1. Billy accesses secure content on IIS
2. Billy challenged for username and password
3. Content is served to Billy
4. This content contains a link to the AS/400 which Billy clicks on
5. Billy challenged for username and password
6. Content is served to Billy

From this point on Billy can access resources on both the servers with no
further logins required. It would be far more elegant if Billy could log
in just once for all resources.

Any suggestions gladly received!

Thanks

Adge

Eli Allen
03-18-2001, 08:41 PM
You can't pass the built-in authentication since Win2k and AIX (that's what
AS/400 uses, right?) use different authentication methods that aren't really
compatible. Well, you may be able to use Kerberos.

You could try using a SQL DB to store data in the same way a session
variable in ASP works and then each server can check to see if the user has
authenticated.
--
Eli Allen
eallen@bcpl.net

Michael Howard
03-19-2001, 02:21 PM
i'm assuming you're using basic auth to the web server, but NOT basic auth
to the as/400 box (ie; you're using native os/400 or aix auth, and not a
web server)

in which case, you'll have issues, i'd doubt very much you could get it to
work without writing some funky code. or, placing a web server on the as/400
and re-using basic auth creds from the client. you could do this by getting
the user's creds in a form, building up a url that contains the creds (ie;
http://username&pwd@www.foo.com) and passing this to the iis box and then
to the as/400 box.

not pretty!

Adge
03-20-2001, 03:12 AM
Mike

Thanks for the suggestions, not pretty indeed!

I think I may have sussed it though (for Basic Authentication anyway) by
using Microsoft Proxy server to fool the browser into thinking we're on the
same site so it sends the auth headers with the request. When the AS/400
is running a web server it will accept basic authentication.

Thanks again

Adge
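
Why the proxy approach in the last post stops the repeated prompts, as an added example that is not part of the original thread: a browser caches Basic credentials per protection space (origin plus realm, RFC 7617), so three hosts mean three prompts and one proxied origin means one, provided every backend announces the same realm (that realm condition goes beyond what the thread states). Host names, paths, realm names and the password are constructed.

```javascript
// Added illustration: models how a browser scopes cached Basic credentials.
// All hosts, paths, realms and the password are constructed sample values.
const CREDS = "Basic " + Buffer.from("billy:s3cret").toString("base64");

// A "site" is a list of routes; each backend answers 401 + realm until it
// receives the expected Authorization header.
function makeSite(routes) {
  return function handle(url, authorization) {
    const route = routes.find((r) => url.startsWith(r.prefix));
    if (!route) return { status: 404 };
    return authorization === CREDS
      ? { status: 200 }
      : { status: 401, realm: route.realm };
  };
}

class Browser {
  constructor(site) { this.site = site; this.cache = new Map(); this.prompts = 0; }
  get(url) {
    const first = this.site(url, undefined);
    if (first.status !== 401) return first.status;
    // Protection space = origin (scheme, host, port) + realm from the challenge.
    const key = new URL(url).origin + "|" + first.realm;
    if (!this.cache.has(key)) {
      this.prompts += 1;              // the user sees a login dialog
      this.cache.set(key, CREDS);
    }
    return this.site(url, this.cache.get(key)).status; // silent retry
  }
}

// Visit two pages on every backend and report how many dialogs appeared.
function countPrompts(routes) {
  const browser = new Browser(makeSite(routes));
  for (const r of routes) {
    browser.get(r.prefix + "index.html");
    browser.get(r.prefix + "report.html");
  }
  return browser.prompts;
}

const route = (prefix, realm) => ({ prefix, realm });
const separateHosts = ["iis", "as400", "servlet"]
  .map((h) => route(`https://${h}.example/`, "Intranet"));
const proxiedSameRealm = ["iis", "as400", "servlet"]
  .map((p) => route(`https://portal.example/${p}/`, "Intranet"));
const proxiedMixedRealms = ["iis", "as400", "servlet"]
  .map((p) => route(`https://portal.example/${p}/`, `Realm-${p}`));

console.log(countPrompts(separateHosts), countPrompts(proxiedSameRealm),
  countPrompts(proxiedMixedRealms));
```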