I have a client running an ASP.NET application. Inside of that, there’s a self-contained PHP wiki. The problem is that the wiki won’t use the .NET authentication, so requests directly to http://foobar/path/wiki/ will resolve without forcing a login.
My simple solution for this is to run the PHP application in an iFrame from an .aspx file that will force authentication, and then use PHP to detect if the page is loaded outside of a frame and redirect if so.
I know this can be done with JavaScript quite easily, but I would prefer to do this test server-side before the Wiki content loads. I need help figuring out a way that this can be done. Referrer comparison perhaps?
Any suggestions?
Thanks!
There is no way to tell on the server-side if a client’s browser is loading a page within a frame, tab, or dedicated window.
What you can do is have your .NET application set a cookie after authenticating that the PHP application will read. If the cookie doesn’t exist then do a redirect to the authentication page.