We have the following setup:
-Windows 2008 R2 Standard.
-ASP.NET Web Application deployed on Microsoft IIS 7.5 Web Server.
-PHP Version 5.4.21 Non Threaded 32-bit version
-WISP (Windows, IIS, SQL Server/Express, and PHP) stack and an ASP.NET web application HTTPS ( SSL )
We will ultimately deploy an ASP.NET Web Application and a PHP Web Application on the Same IIS Server.
User will first log on to the ASP.NET Web Application, but we want the user to be able to navigate between the ASP.NET Web Application and the PHP Web Application back and forth with ease.
We are planning to implement REST-based Web Services on the ASP.NET Web Application side and PHP Application side.
The User login Framework is only on the ASP.NET Web Application side( for those familiar with ASP.NEt technologies, we are using ASP.NET Membership Framework).
As I mentioned before, User will first log on to the ASP.NET Web Application, but we want the user to be able to navigate between the ASP.NET Web Application and the PHP Web Application back and forth with ease.
Do we have to Reauthenticate the user whenever he/she navigates over from ASP.NET side to PHP side and vice versa?
Would it be reasonably secure enough to just pass over the login cookie( "Security token") when user navigates over from ASP.NET side to PHP side and vice versa?
Please feel free to suggest alternatives to the approach mentioned above( for example, some people told me to use Memcached technology to share session information between the ASP.NET Web Application and the PHP Web Application. Is Memcached Technology better than using Web Services? )