I have two web application. One is for centralized Image server.
Suppose they are a.com and b.com
b.com is for image server.
and a.com is where my application is hosted.
I have created a handler for images ob b.com which process the request and add watermark and send it back to a.aspx.
I am passing the path of the image (absolute like http://b.com/ImageHandler.ashx?id=imageurl) to the Handler on b.com
Now I am not able to authenticate the request on b.com
Now I am thinking about Handler which is on b.com
should be on a.com
because at a.com I can easily authenticate user.
for this purpose do I need the handler at both a.com and b.com
or is there is any way that I can authenticate the user at b.com.
which has session on a.com.
I can not access the database for each request at b.com because the number of request for the images is very big.
Hope I am able to explain my problem correctly.
- 17,412
- 13
- 61
- 117
-
Are you trying to: a/ Only make sure an authorised user at a.com can see their own images at b.com or b/ only make sure that images at b.com can be requested via a.com? – dash Feb 29 '12 at 09:24
-
This is complicated. Is it not possible to make a HttpWebRequest to the handler on a.com(Image Server) to retrieve the image as response??? what you say...you can try it – Dinesh Feb 29 '12 at 16:19
-
since the images are at b.com (physically stored) and I have to get the physical address for writing text on the image (as I think). Folder sharing is one of the option as @vinayC has given me. Can I convert the url into a Image?? If i know the relative path of the image. – शेखर Mar 01 '12 at 04:43
2 Answers
You need to first evaluate whether it make sense to have image server under different domain. If its all about sharing the same code among multiple sites then you will be better off by putting you handler under site and sharing the relevant code via class library.
There can be legitimate reasons for having handler on different domain. For example, it might need different level of scaling, it might be resource-hungry and you want to isolate it to different machine (isolating to different app-pool is possible under same domain) or because of some licensing issue (you want to save processor based license cost of some library used by handler).
If there are going to be different domain then you can have them as sub-domains. For example - a.xyz.com and b.xyz.com. In such case, same authentication ticket (issued at parent domain i.e. xyz.com) will suffice for both. See domain property for Forms Authentication Cookie to control this.
You also need to ask if authentication make sense for your image handler. Do you want it to be open or restricted to certain users? If you want only authenticated users and you want to support multiple applications then you are looking at supporting user sets of multiple applications. If it's the same user set (e.g. active directory) then your job will be simpler - have a single authentication provider whose ticket will be trusted by your site and all other applications [Windows Authentication works on similar basis].
If its diverse set of users then it essentially means that for image server, you have multiple authentication providers that you need to trusted. You probably need to look at some Federated Identity system - see one such .NET based implementation discussed here: http://msdn.microsoft.com/en-us/magazine/ff872350.aspx
- 47,395
- 5
- 59
- 72
-
In the question i told about a.com in future i am going to have many application like c.com etc accessing the same image server. I also wanted to restrict b.com images from direct access. Can I check the request object to check from where the request is coming if it is from my web application a.com then it should serve the request if not then it should not serve the request. – शेखर Feb 29 '12 at 09:49
-
@krshekhar, I am assuming that you talking about referrer field from request! Relying on such field can be problematic as it is easy for anyone to create counterfeit requests. Further, I am not certain from where call to b.com is going to originate from. So far I was assuming it to be from browser, but if b.com is directly accessed via a.com server code (as opposed to browser) then you really don't have much authentication issue - all you need to ensure is that call to b.com is made with correct user credentials. – VinayC Feb 29 '12 at 10:46
-
earlier I have created http handler on b.com now I want to move the handler on a.com (for authentication check). But for writing text on image I need the absolute path of the image("C:/Images/...") which can be get only on b.com (as I think). So do I need handlers at both the application. One for writing text (on b.com) and another for authentication user (on a.com). also I wanted to know how can I cast the http request to image on a.com. An how much performance will be affected by doing this. – शेखर Feb 29 '12 at 11:04
-
@krshekhar, if u mean that files are physically stored on b.com then you can create a file share that is accessible from a.com. – VinayC Feb 29 '12 at 11:37
-
Maybe this helps:
http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
Asp.net forms authentication and multiple domains
If this doesn't work for you you could pass some kind of encrypted token to b.com that b.com can validate to ensure the request is legit.
- 1
- 1
- 8,368
- 1
- 23
- 36