
The situation is a bit complicated, so I'll try and explain it clearly.

I am part of a program that is integrating with another and we are transferring all our web apps to their server. As a result, we will have a section on their site that will be accessed through their portal and authentication (smart card).

The way they have decided to handle authentication is that they will require all our URLs to be accessed behind their authentication, but once the user validates, they hand off the validation to our pages and we simply call the user information from a web service.

What I'd like to know is:

Even though we don't handle the original login, should we utilize a full-fledged authentication system based off the information gained from the web service, or is registering the user in a session or cookie enough?

I don't know specifically how the web service they are setting up will work, but I'm trying to prepare the sites with as much as I can before attempting to integrate.

I apologize if this isn't clear; it's a complicated scenario that I don't have much control over.

Thanks for any advice!

Blunderfest

1 Answer


Authentication using cookies should be enough in my opinion. Double "full-fledged" authentication seems problematic and overkill. However, if you use cookies, you should perhaps consider encrypting them. See this Stack Overflow post for more info.

Eric
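
One way to build the cookie option discussed above, as an added example that is not part of the original question or answer: once the portal has handed off and the web service has returned the user, issue a cookie that carries an expiry and an HMAC tag, and reject it on later requests if it was edited or has expired. It signs rather than encrypts (integrity, not confidentiality); `SECRET_KEY`, `MAX_AGE`, the `uid` field and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side secret loaded from configuration, never sent to the client.
SECRET_KEY = b"constructed-demo-key-replace-me"
MAX_AGE = 15 * 60  # seconds a cookie stays valid (assumed policy)


def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mac(body):
    return b64(hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest())


def issue_cookie(user_info, now=None):
    """Build the cookie value after the web service has returned the user."""
    now = time.time() if now is None else now
    # Keep only the identifier; other attributes can be re-fetched server-side.
    payload = {"uid": user_info["uid"], "exp": int(now) + MAX_AGE}
    body = b64(json.dumps(payload, sort_keys=True).encode())
    return body + "." + mac(body)


def read_cookie(value, now=None):
    """Return the payload if the cookie is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    body, sep, tag = value.partition(".")
    # Constant-time comparison on bytes, so a non-ASCII tag cannot raise.
    if not sep or not hmac.compare_digest(mac(body).encode(), tag.encode()):
        return None  # malformed, or edited on the client
    try:
        payload = json.loads(unb64(body))
    except ValueError:
        return None
    if payload.get("exp", 0) < now:
        return None  # expired: query the web service again
    return payload
```

A `None` result means the page should treat the request as unauthenticated and go back to the web service before serving anything user-specific.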