Can anyone give me some suggestions...at this point I will go for any suggestion!!
Two servers, a web server and a Crystal Reports server
Internal security (LAN) is not an issue, the WAN security is an issue
Users login to the web server. From there they click a hyperlink which needs to pull a report on the Crystal Reports server
Users currently are assigned a session variable when they login to the web server.
Both servers running IIS 5.0
How can I securely pass user info to the Crystal server without forcing them to login again? Do I only allow the Crystal reports server to accept requests from a certain referrer? IP? Is this possible?
I assume you are using ASP (the session variable,etc.). Why not have an ASP file, which verifies users, pulls the Report file itself (there is no hyperlink for directly pulling off the file) from the server, and directs it to the user's browser for download (you need to change the HTTP headers to change the content-type via ASP). This way, your users interact only with the ASP page, not the server directly.
Of course, this way, the only access to the Reports server is via your own web server.