Our website runs on ASP.NET v4 and users log in user Forms authentication.
We are considering purchasing a web application that will add to our services. The only problem is that this new website is written in PHP.
We would like users to login to our ASP.NET site and then navigate to the PHP site. The PHP site should notice that users are logged-in though. So we probably need to transfer the ASP.NET SessionID cookie and somehow use that to verify whether or not the user has been authorized.
Does this sound feasible? Or am I barking up the wrong tree?
It is surely possible, but you need some dirty-coding to do.
In fact, both ASP.NET and PHP
Sessions create a software layer that hides mechanisms used to perform session handling and validation.You can simply define a common cookie between the two applications (make sure you sign it or store it in a common DB), then use your own custom logic to link an ASP.NET session to PHP.
Database is a great option. I would recommend you to define a custom session manager class in Web.config and have it write session data in common DB, from where PHP will load.
But I don’t know how to write a custom PHP session manager. You might consider using custom PHP code on page init to initialize session basing on data found on DB.
So your application will be made of three things:
A simple usage scenario:
More complex designs could actually share session data between both PHP and ASP.NET using a single database table AND no local memory.