using user:pw@domain.com in location header

[pickled]

I think I posted this in the wrong section last night. sorry about that.

 

We have 2 servers for our site.  boxa.mydomain.com and boxb.mydomain.com.

 

Boxb is the IIS server.  Boxa is linux.

 

On a page on boxa, if I have an href link pointing to a secured page on boxb.mydomain.com, the page will work if it's referenced by http://user:pw@boxb.mydomain.com.

 

However, if I try to access it directly in php, such as header( "Location:http://user:pw@boxb.mydomain.com" ), it prompts the user for a user name and password.

 

Same thing happens if I try to use a file open across servers.

 

I've tested it by having it echo the href instead of doing the header location, and if I copy and paste the string into a url, it works fine.

 

My only guess is I'm missing some kind of header field, but I can't figure out which one it could be.

 

We have to keep the referenced pages on boxb secure.  Putting the user:pw on links to those pages would be risky too.

 

There HAS to be a way to access the secure pages without prompting the user for a userid and password.

 

Any ideas?

 

[premiso]

I think you are up a creek on this one. You may be able to use curl but I do not know how that would work.

 

Other than that, I do not think it is possible. I could be wrong, a quick google and I pulled up no results.

 

Cross-domain login is tricky. You could try and linking the two databases, then sending a hash to the other server which would "validate" the user upon arrival. But you would have to be able to access the IIS server mysql on the linux box and vice versa. Which is not really hard to do, and can be relatively safe by allowing it from x server's IP with a hard to guess login/pass.

 

Not much help, but figured you might as well get a jump on alternatives.

[pickled]

Ick.

 

What confuses me is that the php docs suggest it should work.

 

Even some of the php docs mentioned including the user:pw in the url when accessing some data.

 

The fact that it works if you use the user:pw in the url just confounds me if it isn't possible except as a clicky link.

 

I've tried searching google on this, but sadly the relevent words are just too common.  But I can't be the only one who has needed to do this.

 

Thanks for your response though.

[pickled]

I think you are up a creek on this one. You may be able to use curl but I do not know how that would work.

 

Other than that, I do not think it is possible. I could be wrong, a quick google and I pulled up no results.

 

Cross-domain login is tricky. You could try and linking the two databases, then sending a hash to the other server which would "validate" the user upon arrival. But you would have to be able to access the IIS server mysql on the linux box and vice versa. Which is not really hard to do, and can be relatively safe by allowing it from x server's IP with a hard to guess login/pass.

 

Not much help, but figured you might as well get a jump on alternatives.

 

Exploring curl right now.  I'm not sure what you mean by linking the two mysql databases.  As it happens, the linux box (boxa) can access the mysql database on boxb already.  But the user/pw is part of the iis server security and not part of any application security.