cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Conditional Authentication Question
You take a road along Second Avenue and find out whenever user was
authenticated by checking server variables
Or you can create your own cookie in resource protected with cosign.
From: Daniel E. Lehman [mailto:del3@xxxxxxx]
Sent: Monday, November 08, 2004 10:51 AM
Subject: Conditional Authentication Question
OK, so maybe the subject isn't worded properly, but here is what I would
like to do. I'm shopping for ideas.
We're running IIS using VBScript coded ASP pages. We have a database
driven, online directory where we have elected to hide e-mail addresses to
prevent spambots from harvesting addresses. Essentially, a link is present
that takes the user to a form that the user can complete to send a message
to the directory listee. The problem is that all our addresses are hidden
all the time. We would like that to change.
I see two avenues - one is to display the addresses only to hosts within the
Penn State IP space while the other is to use some sort of authentication.
I think the best way is to use CoSign, but I am running into a problem - it
appears that CoSign is an "all or nothing" product - meaning if I want Penn
State people to see the addresses I would need to create a duplicate set of
directory pages that would be protected by CoSign leaving the original set
of pages available to anonymous access. What I would like to do is to code
the page to look for the cosign cookie and if present, present a link to a
pop-up page that would first check the validity of the cookie then display
the address. Is this possible? Is there a better way that I haven't
Daniel E. Lehman
Facilities and Network Coordinator
Penn State Materials Research Institute
196 MRI Building
University Park PA 16802