How to read an aspx page response from PHP site

I am working in coordination with the pHp developer, he is sending me some username, key at my aspx page and on that basis i am checking the au开发者_如何转开发thenticity from the DB, if authentic user then i'll do response.write("YES"), if not then i'll do response.write("NO"). The PHP developer saying that he will read my response.write and on that basis he will allow the user to get logged in to his PHP site i want to know how will he read My response.write from ASPX page. He was saying he will read it, and will put it in session, i am very confused how will he read my response.write. Would you please light on it.

The web is based on requests and responses. A user goes to a link, say www.yoursite.com/page.aspx. By hitting that site, the user is "requesting" data. Since you have ASP.NET set up, the request will be handled and your code for page.aspx will be run. The code for that page may use a lot of built in ASP.NET controls and code, but in reality the result is writing out a "response". That response gets sent back to the user with some header information. The response gets read by the browser and viola, the user sees your page.

In your example, something very similar would be going on. His PHP site would just be making a request for yoursite.com/login.aspx?username=test&password=test (note: DO NOT put the username/password in the querystring as plaintext like this). Your ASP.NET page will form a response that his PHP site can read, and based on its own internal logic, it can create a session variable to say the user is logged in. He's not literally reading the Response.Write() code, he's reading the result of it. I'm not positive what the exact syntax of the PHP response read would look like, but I'm positive that there is some built-in framework feature that would allow him to do that.

That said, it seems like a really bad idea unless you have a lot of security measures in place. Your page has to be 100% sure that the request is coming from his PHP site. His PHP site has to be 100% sure that the response is coming from your ASP.NET site. On top of that, you'll have to encrypt the username/password he's sending to you so it's not just sent in plain text from site to site.