cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Conditional Authentication Question
- To: <cosign-discuss@xxxxxxxxx>
- Subject: Conditional Authentication Question
- From: "Daniel E. Lehman" <del3@xxxxxxx>
- Date: Mon, 8 Nov 2004 10:50:41 -0500
- Thread-index: AcTFqrou/4mv2EnzQu6yuvb6QsPA8Q==
- Thread-topic: Conditional Authentication Question
OK, so maybe the subject isn't worded properly, but here is what I would like to do. I'm shopping for ideas.
We're running IIS using VBScript coded ASP pages. We have a database driven, online directory where we have elected to hide e-mail addresses to prevent spambots from harvesting addresses. Essentially, a link is present that takes the user to a form that the user can complete to send a message to the directory listee. The problem is that all our addresses are hidden all the time. We would like that to change.
I see two avenues - one is to display the addresses only to hosts within the Penn State IP space while the other is to use some sort of authentication. I think the best way is to use CoSign, but I am running into a problem - it appears that CoSign is an "all or nothing" product - meaning if I want Penn State people to see the addresses I would need to create a duplicate set of directory pages that would be protected by CoSign leaving the original set of pages available to anonymous access. What I would like to do is to code the page to look for the cosign cookie and if present, present a link to a pop-up page that would first check the validity of the cookie then display the address. Is this possible? Is there a better way that I haven't thought of?
Daniel E. Lehman
Facilities and Network Coordinator
Penn State Materials Research Institute
196 MRI Building
University Park PA 16802