I have two separate apps (one is classic ASP, the other is ASP.NET) which, from the point of view of the user, should appear seamlessly as one "application". As others have pointed out, the two apps can't share session information, so I am planning to use Windows authentication along these lines:
In the ASP world:
Request.ServerVariables("AUTH_USER")
and in ASP.NET (.NET 2.0):
System.Threading.Thread.CurrentPrincipal.Identity.Name
which is called from my business logic layer (i.e.
HttpContext.Current.User.Identity.Name
is not available to me).
Is this considered good practice or is there a better way? What do I need to consider when setting up IIS?
Best Answer
I had to do this a couple of years ago and I remembered Scott Guthrie had a good post that got me started.
http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp-and-non-asp-net-urls.aspx
We ended up buying the book he talks about too. It's a good read.
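For the business-layer lookup described in the question, a fail-closed way to read the caller's name, as an added example that is not part of the original question or answer. The class and method names are hypothetical, and it assumes the ASP.NET app runs with Windows authentication so the thread principal carries a WindowsIdentity:

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical helper for the business logic layer (illustrative names).
public static class CallerIdentity
{
    // Returns the authenticated Windows account name (DOMAIN\user),
    // the counterpart of Request.ServerVariables("AUTH_USER") in classic ASP.
    // Throws instead of returning an empty name, so callers fail closed.
    public static string GetAuthenticatedUserName()
    {
        IPrincipal principal = Thread.CurrentPrincipal;
        IIdentity identity = (principal == null) ? null : principal.Identity;

        // If IIS still allows anonymous access, the request carries no
        // authenticated identity and the name is empty.
        if (identity == null
            || !identity.IsAuthenticated
            || string.IsNullOrEmpty(identity.Name))
        {
            throw new SecurityException(
                "No authenticated caller on the current thread.");
        }

        // Require a Windows identity so a principal set by some other
        // mechanism is not silently treated as a domain account.
        if (!(identity is WindowsIdentity))
        {
            throw new SecurityException(
                "Caller was not authenticated by Windows authentication.");
        }

        return identity.Name;
    }
}
```

The classic ASP side needs the matching check: treat an empty AUTH_USER as unauthenticated rather than as a valid user.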