I have a site with two applications. The first is DNN. In DNN, I have created a page with an IFrame and point it to the second app.

In the second app, I need to know the current user. I know that I can simple add the current user to the query string, and send that across. However, this is too easily spoofed. A hacker could just add a username to the url, and the SubApp would think that person is logged in.

I have searched and searched on this. The best I have found is: http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx

I have tried this and it does work to share httpcontext.current.user.identity.name across two applications.

However, inside the IFrame, the identity does not get shared. In other words, I log into MainApp on one tab, then open a second tab, navigate directly to the SubApp (not in the IFrame) and it immediately shows the correct identity.

But when I view the SubApp from within the IFrame, then there is no identity shared.

So I am looking for a way to solve this. The app needs to be very secure, so I can't just pass it through the query string.