I have recently been asked to estimate a piece of work which will provide functionality for authenticated users to access our site. The thing is, the user has to authenticate on a different site & domain to the one we are hosting.

The user authenticates on SiteA.com and they are provided with a link to our site, SiteB. Only users who have authenticated on SiteA are allowed to access SiteB.com.

I don't yet know what authentication system SiteA is using, but I thought I'd ask the community for some initial thoughts. Is this even possible? What do I need to consider?

Thanks

+2  A: 

Single Sign On is possible using Forms Authentication. Here are the steps:

  1. Configure both sites for forms authentication and set up the same machine keys (this is important for step 4).
  2. User authenticates on SiteA.com and a cookie is issued for him on this site.
  3. Forge a link on SiteA that would POST a form containing the authentication cookie value in a hidden field to a page on SiteB.com that doesn't require authentication (make sure you post only over HTTPS).
  4. The page on SiteB.com reads the value of the posted token, decrypts it and issues an authentication cookie for SiteB.com using FormsAuthentication.GetAuthCookie.
  5. Redirect to the authenticated part of SiteB.com.
Darin Dimitrov
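
A sketch of the SiteB.com receiving page from steps 3 to 5 of the answer above, added here as an example and not code from the answer. The handler name `SsoReceiver`, the hidden field name `token` and the landing path `~/Members/Default.aspx` are assumptions, and both sites are assumed to share the same `machineKey` as in step 1.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical handler on SiteB.com, reachable without authentication (step 3).
public class SsoReceiver : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpRequest request = context.Request;

        // Accept the token only as an HTTPS POST, so it is never sent in
        // clear text and never ends up in a URL, log line or Referer header.
        if (!request.IsSecureConnection || request.HttpMethod != "POST")
        {
            Reject(context);
            return;
        }

        // "token" is the assumed name of the hidden field posted from SiteA.
        string posted = request.Form["token"];
        FormsAuthenticationTicket ticket = null;
        try
        {
            // Decrypt validates and decrypts with this site's machine keys,
            // which is why they must match SiteA's (step 1).
            if (!string.IsNullOrEmpty(posted))
                ticket = FormsAuthentication.Decrypt(posted);
        }
        catch (Exception)
        {
            // Any decryption or validation failure is treated as a bad token.
        }

        // Reject missing, tampered or expired tickets.
        if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.Name))
        {
            Reject(context);
            return;
        }

        // Step 4: issue SiteB's own session cookie for the same user name.
        HttpCookie cookie = FormsAuthentication.GetAuthCookie(ticket.Name, false);
        cookie.Secure = true;
        context.Response.Cookies.Add(cookie);

        // Step 5: redirect to a fixed local path, never to a posted URL.
        context.Response.Redirect("~/Members/Default.aspx");
    }

    private static void Reject(HttpContext context) { context.Response.StatusCode = 403; }
}
```

The posted value is SiteA's own authentication ticket, so anyone who captures it can replay it against either site until it expires; the `Expired` check only bounds that window to the ticket lifetime SiteA configured.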