Need a bit of advice here! I’m currently working on a project in which agencies and clients can both log in to a ‘dashboard’. However, all of the client dashboard is created in PHP, and the Agency stuff in ASP.NET (don’t even ask!). However, I need the functionality for an agency to do the following:
- Agency logs in.
- Agency clicks view client link.
- Agency is logged into client UI automatically and views client page.
Obviously this is difficult, as I'm trying to auth between ASP.NET and PHP! However, I have come up with the following solution – will this work?
- Agency clicks view client.
- ASP.NET encrypts, using a key, a few bits of important info as well as a timestamp.
- ASP POSTs this request to a PHP page.
- PHP decrypts using the key, checks that the user exists in DB and checks that this agency has permission to view the requested client page. Also checks timestamp is within say 10 seconds.
- If all of the above is OK, then the agency is logged in to PHP and sees the client page.
What are your thoughts?
And what would be the best encryption method for both ASP/PHP?
Thanks,
Dave
What you want to do is build out a Single Sign On (SSO) platform. Create your own Identity provider and then migrate both applications to authenticate against it.
Here is a Zend Webinar with some information to get you started.
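
The token hand-off proposed in the question, sketched in PHP as an added example that is not code from either poster: it assumes AES-256-GCM (authenticated encryption, so a modified token fails to decrypt), uses hypothetical function and field names, and goes one step beyond the post by rejecting a token presented twice inside the 10-second window. `issueToken` stands in for the ASP.NET side so the block runs on its own.

```php
<?php
declare(strict_types=1);
// Added example: function and field names are hypothetical, the key is constructed.
const MAX_AGE = 10; // seconds, the window suggested in the question

// Stand-in for the ASP.NET side: seal agency id, client id and timestamp.
function issueToken(string $key, int $agency, int $client, int $now): string
{
    $iv = random_bytes(12); // fresh 96-bit nonce for every token
    $payload = json_encode(['agency' => $agency, 'client' => $client, 'ts' => $now]);
    $tag = '';
    $ct = openssl_encrypt($payload, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

// PHP side: returns the claims, or null when the token must be rejected.
function verifyToken(string $key, string $token, int $now, array &$seen): ?array
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) <= 28) {
        return null; // malformed
    }
    [$iv, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
    $payload = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($payload === false) {
        return null; // modified in transit or sealed with another key
    }
    $c = json_decode($payload, true);
    if (!is_array($c) || !isset($c['agency'], $c['client'], $c['ts'])) {
        return null;
    }
    if (abs($now - (int) $c['ts']) > MAX_AGE) {
        return null; // outside the time window
    }
    if (isset($seen[bin2hex($iv)])) {
        return null; // same token presented twice inside the window
    }
    $seen[bin2hex($iv)] = $now; // assumption: a shared store in production
    return $c; // caller still checks the agency-to-client permission in the DB
}

$key = hash('sha256', 'constructed demo key', true); // 32-byte sample key
$seen = [];
$t = issueToken($key, 42, 7, 1700000000);
$bad = base64_decode($t);
$bad[30] = chr(ord($bad[30]) ^ 1); // flip one ciphertext bit
var_dump(verifyToken($key, $t, 1700000003, $seen));                  // fresh token
var_dump(verifyToken($key, $t, 1700000004, $seen));                  // replayed
var_dump(verifyToken($key, base64_encode($bad), 1700000003, $seen)); // tampered
var_dump(verifyToken($key, issueToken($key, 42, 7, 1700000000), 1700000060, $seen)); // stale
```

The same token layout (12-byte nonce, 16-byte tag, ciphertext) can be produced on the ASP.NET side with any AES-GCM implementation, provided both servers share the key and keep their clocks synchronised.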