- A link will be provided for the WebSiteA to WebSiteB
- We are not able to code anything in WebSiteA
- I need to pass a token from WebSiteA to WebSiteB (In order to understand the user is coming from WebSiteA)
- Can't use
Request.UrlReferrerto identify previous site since WebSiteA is HTTPS - Query string is insecure because of replay attack (If any outside get the url it can be re-used)
Asked
Active
Viewed 62 times
0
Tim M.
- 53,671
- 14
- 120
- 163
RoshinNarikkot
- 7
- 2
-
2. We are not able to code anything in WebSiteA .... Do you mean you cant add / modify any code on website A ? – Pit Digger Sep 24 '12 at 14:04
-
The key question is how WebsiteA identify the user? What kind of login mechanism does it have? – Shadow The GPT Wizard Sep 24 '12 at 14:24
1 Answers
0
I would personally use an encrypted POST variable which get's POST'ed to WebSiteB.
WebSiteB then decrypts this with the private key.
Optional validation: WebSiteA has a (HTTPS?) webservice, which WebSiteB then checks with the decrypted key to validate / get more information from WebSiteA for that same request.
Some encryption / decryption techniques here: Encrypt and decrypt a string
This way it's secure and can be checked if it's trying to be spoofed etc...
Community
- 1
- 1
RemarkLima
- 11,639
- 7
- 37
- 56