Hi Guys,

We are trying to build a cross-domain single sign-on solution using ASP.NET MVC.

Any existing solutions or tutorials available?

+7  A: 

If your web applications are on the same server and same domain then all you need to do is ensure that the validationKey and encryption key are the same in the web config (machineKey).

In your example you will need to append the authentication ticket to the query string, to transport it back to the other domain, for example:

public void Login(string userName, string password)
{
    if (AuthenticateUser(userName, password))
    {
        // Append the forms authentication ticket to the return URL so the
        // other domain can read it from the query string.
        Response.Redirect(String.Format("{0}?{1}={2}",
            Request.QueryString["ReturnUrl"],
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.GetAuthCookie(userName, false).Value));
    }
}

On the local application you have to enable cookieless forms authentication, and allow authenticated users to come from external applications by setting enableCrossAppRedirect.

<authentication mode="Forms">
    <forms enableCrossAppRedirect="true" cookieless="UseUri" />
</authentication>
AJ
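
Added example, not part of the answer above: the Login method sends the authentication ticket to whatever ReturnUrl the request supplies, so this sketch checks the target against an allowlist before building the redirect. The host names, the SsoRedirect class and the "TICKET" value are assumptions made for illustration; ".ASPXAUTH" is the default FormsCookieName.

```csharp
using System;
using System.Collections.Generic;

public static class SsoRedirect
{
    // Hypothetical allowlist of relying applications (assumption, not from the page).
    private static readonly HashSet<string> TrustedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "app1.example.com",
            "app2.example.org"
        };

    // Returns the redirect URL carrying the ticket, or null when the
    // supplied returnUrl must not receive it.
    public static string Build(string returnUrl, string cookieName, string ticket)
    {
        Uri target;
        if (!Uri.TryCreate(returnUrl, UriKind.Absolute, out target)) return null;
        // The ticket is a bearer credential: HTTPS only, exact host match only.
        if (target.Scheme != Uri.UriSchemeHttps) return null;
        if (!TrustedHosts.Contains(target.Host)) return null;
        if (!string.IsNullOrEmpty(target.UserInfo)) return null;

        // Preserve any existing query string and escape both name and value.
        var builder = new UriBuilder(target);
        string existing = builder.Query.TrimStart('?');
        string pair = Uri.EscapeDataString(cookieName) + "=" + Uri.EscapeDataString(ticket);
        builder.Query = existing.Length == 0 ? pair : existing + "&" + pair;
        return builder.Uri.AbsoluteUri;
    }

    public static void Main()
    {
        // Constructed sample inputs; "TICKET" stands in for the encrypted cookie value.
        string[] samples =
        {
            "https://app1.example.com/home?tab=1",   // trusted host, existing query
            "http://app1.example.com/home",          // trusted host, plain HTTP
            "https://app1.example.com.evil.test/",   // look-alike suffix
            "https://evil.test/@app1.example.com",   // trusted name only in the path
            "/local/path",                           // relative URL
            null
        };
        foreach (var s in samples)
            Console.WriteLine("{0} -> {1}", s ?? "(null)",
                Build(s, ".ASPXAUTH", "TICKET") ?? "(rejected)");
    }
}
```

A ticket carried in the URL also ends up in browser history, server logs and Referer headers, so the receiving application should move it into a cookie and redirect to a clean URL as soon as it has validated it.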