
As @Ryanthal has pointed out, impersonating the server (I'll call it consumer-server) is a good shot. To me, the method you are using is common, and I'm going to use a very similar one.

A little flow you can use to impersonate your server is:

  1. The consumer-server posts the user and password (an account created specifically for that server) to the login page
  2. The credentials are validated, and it replies with the authentication cookie (you already do that for the browsers)
  3. The consumer-server inspects the response and stores the authentication cookie in its session/memory
  4. The consumer-server passes the cookie in the following GETs

For a way of reading/setting the cookie in the consumer-servers, take a look here; the cookie is simply an argument passed in the response/request.

Pros:

  • Unified authentication for both users (browsers) and machines (consumer-servers)
  • If the server changes its IP, you don't have to worry about it
  • Easier to constrain the consumer-server permissions, relying on authorization mechanisms

Cons:

  • You may have to touch the consumer-servers; it may be off hand if you do not control it

RMalke
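
The four-step flow from the answer above, as an added example that is not part of the original post: a consumer-server logs in with its own service account, keeps the authentication cookie in memory, sends it on later GETs, and logs in again when the session is rejected. The `Provider` handler, the `/login` and `/report` paths, the `auth` cookie name and the credentials are all constructed for the demo; plain HTTP on loopback stands in for what would be HTTPS with a `Secure` cookie.

```python
import http.cookiejar, http.server, secrets, threading
import urllib.error, urllib.parse, urllib.request

SERVICE_ACCOUNT = ("consumer-server", "constructed-password")  # constructed sample credentials
SESSIONS = set()  # provider-side store of valid session ids

class Provider(http.server.BaseHTTPRequestHandler):  # stand-in for the site browsers log in to
    def log_message(self, *args): pass  # keep the demo quiet
    def do_POST(self):  # steps 1-2: validate credentials, reply with the auth cookie
        form = urllib.parse.parse_qs(self.rfile.read(int(self.headers["Content-Length"])).decode())
        ok = (form.get("user", [""])[0], form.get("password", [""])[0]) == SERVICE_ACCOUNT
        self.send_response(204 if ok else 401)
        if ok:
            SESSIONS.add(sid := secrets.token_urlsafe(32))
            self.send_header("Set-Cookie", f"auth={sid}; HttpOnly; Path=/")
        self.end_headers()
    def do_GET(self):  # protected resource: served only with a valid cookie
        sid = (self.headers.get("Cookie") or "").partition("auth=")[2].split(";")[0]
        body = b"report-data" if sid in SESSIONS else b""
        self.send_response(200 if body else 401)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Consumer:  # the consumer-server side of the flow
    def __init__(self, base, user, password):
        self.base, self.creds = base, {"user": user, "password": password}
        self.jar = http.cookiejar.CookieJar()  # step 3: cookie is held in memory only
        self.http = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(self.jar))
    def login(self):
        self.http.open(self.base + "/login", urllib.parse.urlencode(self.creds).encode())
    def get(self, path, retry=True):
        try:  # step 4: the jar attaches the cookie to every GET
            return self.http.open(self.base + path).read()
        except urllib.error.HTTPError as err:
            if err.code != 401 or not retry:
                raise
            self.login()  # no cookie yet, or the session expired: authenticate, retry once
            return self.get(path, retry=False)

def demo():
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), Provider)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    client = Consumer(f"http://127.0.0.1:{server.server_port}", *SERVICE_ACCOUNT)
    first = client.get("/report")   # 401 -> login -> success
    SESSIONS.clear()                # simulate session expiry on the provider
    second = client.get("/report")  # stale cookie -> 401 -> re-login -> success
    server.shutdown()
    return first, second, len(client.jar)
```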