A client uses classic ASP to log in to their web-based backoffice.
I have written a new ASP.Net app to be included in the backoffice, and I need to utilize the alrea
If interception is a serious issue then you need to be running the site over HTTPS. Otherwise using the UserID + Nonce that is then hashed by the password is reasonably strong.
Alternatively you could get the ASP app to add a GUID session cookie once logon has been achieved and store that GUID in a DB table. Your ASP.NET can look up the GUID from the cookie to see if logon has been achieved. If you include the ASP session cookie value in the table you can make reasonably sure that the current ASP session is the same session that was used when the GUID was created.
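
A sketch of the GUID-table approach from the answer above, as an added example that is not part of the original post. All class and method names are hypothetical, a dictionary stands in for the shared DB table, and the 20-minute lifetime and the use of a CSPRNG to fill the GUID are assumptions added here.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// One row of the shared logon table (hypothetical schema).
public sealed class LogonRecord
{
    public string UserId;
    public string AspSessionCookie;   // classic ASP session cookie value seen at logon
    public DateTime ExpiresUtc;
}

public sealed class SharedLogonStore
{
    // In-memory stand-in for the DB table both applications can reach.
    private readonly Dictionary<Guid, LogonRecord> _table = new Dictionary<Guid, LogonRecord>();
    private readonly TimeSpan _lifetime = TimeSpan.FromMinutes(20); // assumed lifetime

    // ASP side, after a successful logon: returns the value for the GUID cookie.
    public Guid Issue(string userId, string aspSessionCookie, DateTime nowUtc)
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);      // 128 bits of CSPRNG output so the token cannot be guessed
        var token = new Guid(bytes);
        _table[token] = new LogonRecord { UserId = userId, AspSessionCookie = aspSessionCookie, ExpiresUtc = nowUtc + _lifetime };
        return token;
    }

    // ASP.NET side, on each request: returns the user id, or null if the request is not logged on.
    public string Validate(string guidCookie, string aspSessionCookie, DateTime nowUtc)
    {
        if (!Guid.TryParse(guidCookie, out Guid token)) return null;          // malformed cookie
        if (!_table.TryGetValue(token, out LogonRecord rec)) return null;     // unknown token
        if (nowUtc >= rec.ExpiresUtc) { _table.Remove(token); return null; }  // stale row
        // The GUID is only honoured together with the ASP session it was issued to.
        if (!string.Equals(rec.AspSessionCookie, aspSessionCookie, StringComparison.Ordinal)) return null;
        return rec.UserId;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new SharedLogonStore();
        var now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);  // constructed sample time
        string token = store.Issue("alice", "ABC123", now).ToString();    // constructed sample values
        Console.WriteLine(store.Validate(token, "ABC123", now) ?? "rejected");
        Console.WriteLine(store.Validate(token, "OTHER", now) ?? "rejected");
        Console.WriteLine(store.Validate(token, "ABC123", now.AddHours(1)) ?? "rejected");
    }
}
```

Both cookies still travel in the clear without HTTPS, so the session binding narrows replay to someone who captured both values rather than preventing interception.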