I am looking to implement single sign on for two applications on different domain. Both the applications are in .Net 3.5. I understand I need
A user tries to access a web page of Website1. The system identifies that the user is not logged in, so redirects the user to the Login Website. Once the user provides correct login information an authentication cookie is created for Login Website and the user is redirected to Website1 along with an authentication token. Website1 receives this authentication token and after checking the validity grants access to user by creating an authentication cookie for Website1.
The user then moves to Website1. The Website2 detects the authentication cookie for Website2 is not available so redirects the user to the Login Website. The Login Website already knows who the user is, so redirect the user back to Website2 along with an authentication token. Website2 receives this authentication token and after checking the validity grants access to user by creating an authentication cookie for Website2.
Is there a library or software already available for this? I know the development effort here is not much but still if there is any then I would like to check.
Secondly if we develop this solution then how to check the authentication token? Is it by using some encryption or the website1 and website2 makes some webservice call to Login Website to confirm the token.