I want to test-run a Single Sign On web authentication system for my University (I am currently a student employee). I have been reading a lot about WebAuth as used by other Universities. While I think those solutions are great, we are a very 'small time' University, but the current login system and authentication are horrible for the user experience (a login for each service), and we would greatly benefit from a system like these.

Before I go to IT with my solution, I would like to research and learn as much as I can, and identify some of the security issues. Currently I am the only PHP developer and am transitioning to .NET; ideally I would like to have a way for both systems to authenticate.

As mentioned, I have read a lot, but don't really have the 'Network Admin' background to understand how some of the pieces fit together, where/how do I start to build a test system?

A: 

If you are from a U.S. university, I would investigate Shibboleth, which is a standard SSO auth provider used by many schools.

It also doubles as a mechanism to verify that users on other, non-school web sites are in fact students. Microsoft uses this, for example, to verify student status before giving students free download access to software on DreamSpark.

David Pfeffer
Thanks, I did see something on Stanford's site comparing WebAuth and Shibboleth. Kerberos protocol was where I had gotten a little lost, but I will take another look. Thanks again.
dajohnson1s
A: 

The grand-daddy of all single sign-on systems is Kerberos, which was developed at MIT in the 1980s. It might be overkill for a simple web single sign-on, but it's comprehensive and supported by every OS.

http://www.kerberos.org/

Michael Mullany
I read about kerberos when looking into WebAuth. Stanford's infrastructure seems pretty awesome (and complex), so I had a hard time relating that to what I know about our current setup. But I will look into this in more detail. Thanks.
dajohnson1s
+1  A: 

The emerging solution to SSO challenges is Claims-Based Identity based on Open Standards.

On the .NET platform, Microsoft now offers Windows Identity Foundation (WIF) that provides building blocks for enabling (web) applications with these protocols.

I don't know which frameworks are available on other platforms, but it's important to keep in mind that WIF is just Microsoft's implementation of these open standards, so (in theory at least) it should work with other platforms as well.

Mark Seemann
In my opinion it is the best solution especially if you already have Windows infrastructure.
Regent
A: 

Check out LDAP? Something like:

using System.DirectoryServices;

private bool AuthenticateUser(string username, string password)
{
    // Build the user's DN from the account name (this layout assumes the OU is named
    // after the first letter of the username) and bind with the supplied credentials.
    String strLdap = "LDAP://YOURACTIVEDIRECTORYSERVER/CN=" + username + ",OU=" + username[0];
    DirectoryEntry user = new DirectoryEntry(strLdap, username, password,
        AuthenticationTypes.Secure | AuthenticationTypes.Encryption);
    try
    {
        // Bind to the native AdsObject to force authentication.
        Object obj = user.NativeObject; // Will throw an exception if not authenticated
        return true; // User is authenticated
    }
    catch
    {
        return false; // User is not authenticated
    }
    finally
    {
        user.Dispose(); // DirectoryEntry holds a COM object; release it either way
    }
}
Daniel Coffman
LDAP is not a Single Sign On solution by itself, but it can be a part of a greater picture.
Regent
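A hardened version of the bind shown in the answer above, added here as an example (it is not Daniel Coffman's code): it keeps the same DN layout but escapes the user-supplied value per RFC 4514, rejects account names outside a conservative pattern, and refuses empty passwords, which many directories treat as an anonymous bind that "succeeds" without checking anything. The server name, the username pattern and the OU-by-first-letter layout are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Text.RegularExpressions;

public static class LdapAuthentication
{
    // Assumed policy for this example: only plain account names get as far as the directory.
    private static readonly Regex AllowedUsername = new Regex(@"^[A-Za-z0-9._-]{1,64}$");

    // Escapes one attribute value for use inside a distinguished name (RFC 4514), so that
    // characters such as ',' '=' or '\' in the input cannot change the shape of the DN.
    public static string EscapeDnValue(string value)
    {
        var sb = new StringBuilder(value.Length * 2);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            if (c == '\0') { sb.Append("\\00"); continue; }
            bool special = ",+\"\\<>;=".IndexOf(c) >= 0
                || (i == 0 && (c == ' ' || c == '#'))
                || (i == value.Length - 1 && c == ' ');
            if (special) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    public static bool AuthenticateUser(string server, string username, string password)
    {
        // Empty password => anonymous/unauthenticated bind on many directories: never treat as success.
        if (string.IsNullOrEmpty(password) || username == null || !AllowedUsername.IsMatch(username))
            return false;

        // Same layout as the snippet above (OU named by the account's first letter), escaped.
        string dn = "CN=" + EscapeDnValue(username) + ",OU=" + EscapeDnValue(username.Substring(0, 1));
        string path = "LDAP://" + server + "/" + dn;
        try
        {
            using (var entry = new DirectoryEntry(path, username, password,
                AuthenticationTypes.Secure | AuthenticationTypes.Encryption))
            {
                object native = entry.NativeObject; // forces the bind; throws on bad credentials
                return native != null;
            }
        }
        catch (COMException) // covers DirectoryServicesCOMException (bad credentials, unknown DN)
        {
            return false;
        }
    }
}
```

Failed binds should also be logged and rate-limited at the application level, since this code alone gives an attacker an unlimited password-guessing oracle against the directory.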
A: 

You could look at implementing OpenID?

Jason Roberts
A: 

Look into SAML: http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language

JonoW