Custom authentication from third party in ASP.net/MVC

Question

I'm trying to wrap up a custom authentication system for internal use for a project I'm working on in MVC.

We currently have a partner that hosts an external site with forms authentication. Certain sections of this site redirect to a section on our internal site. Passed along with this redirection is an id and a session id. They provide a web service that we can then verify that this user is authenticated on the original site.

Is there a way to wrap this up into some sort of custom provider or authentication attribute in ASP.net? I would prefer to create something reusable to share with others working in my same environment.

Thanks!

EDIT The method of authentication is not something I'm looking to change. I'm just looking for the best way to wrap this up so it's reusable internally. I was initially thinking a custom membership provider, but it's not really a username/password type situation.

Answer 1

You could look at Single-Sign On (SSO) solutions that are designed for this, more particularly with SAML bindings, for example Shibboleth.

Answer 2

You can do a custom membership provider, even without a username and password. You just need to implement MembershipProvider. I would only actually put code in ValidateUser(string username, string password). Pass the user ID with the uaername string, and the session id with the password string... do the validation, and pass back true or false. You can add more features as you need to.