My production environment involves a pair of IIS 6 web servers, one running legacy .NET 1.1 applications and the other running .NET 2.0 applications. We cannot install .NET 2.0 alongside 1.1 on the same machine because it is a tightly-regulated ‘Validated System’ and would present a bureaucratic nightmare to revalidate.
Websites on both servers use Basic Authentication against Active Directory user accounts.
Is it possible for a web application on the 1.1 server to securely redirect a user to a page served on the 2.0 server, without requiring users to re-authenticate?
No, because you’re not using cookies for authentication in that scenario, so ScaleOvenStove’s link won’t help.
Basic authentication sends the login information in the HTTP headers with every request, but it’s the browser that does this: when it sees a new server, there is a new password request.
(Or indeed, as suggested, change the authentication on both systems to support single sign-on.)
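
The browser-side scoping described in the answer above, as an added example that is not part of the original post: a simplified model of a browser's Basic credential cache, keyed by origin and realm as in RFC 7617. The host names, realm, user and password are constructed for illustration, and real browsers also take the URL path into account.

```javascript
// Added example: simplified model of how a browser scopes Basic credentials.
// Host names, realm and credentials below are constructed for illustration.

// RFC 7617: the header value is base64("user:password"). This is an encoding,
// not encryption, so the credentials are only protected if the transport is TLS.
function basicHeader(user, password) {
  return "Basic " + Buffer.from(`${user}:${password}`, "utf8").toString("base64");
}

// A protection space is the origin (scheme, host, port) plus the realm.
function protectionSpace(url, realm) {
  return `${new URL(url).origin}|${realm}`;
}

class BrowserModel {
  constructor() {
    this.cache = new Map();         // protection space -> Authorization value
    this.realmByOrigin = new Map(); // origin -> realm seen in a 401 challenge
  }

  // Called after the user answers a 401 challenge for `url`.
  remember(url, realm, user, password) {
    this.realmByOrigin.set(new URL(url).origin, realm);
    this.cache.set(protectionSpace(url, realm), basicHeader(user, password));
  }

  // Header attached to a request, or null (the server will answer 401
  // and the browser will prompt the user again).
  authorizationFor(url) {
    const origin = new URL(url).origin;
    const realm = this.realmByOrigin.get(origin);
    if (realm === undefined) return null;
    return this.cache.get(`${origin}|${realm}`) ?? null;
  }
}

// The user logs in on the 1.1 server, then is redirected to the 2.0 server.
function demo() {
  const browser = new BrowserModel();
  browser.remember("https://net11.example.test/app/", "CORP", "alice", "s3cret");
  return {
    sameServer: browser.authorizationFor("https://net11.example.test/app/report.aspx"),
    afterRedirect: browser.authorizationFor("https://net20.example.test/app/page.aspx"),
  };
}
```

The cached header is reused for further requests to the first host, while the redirect target gets no `Authorization` header, which is why the second server issues its own challenge.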