Do we need to use out proc sessions while implementing SSO?What will be the limitation of inproc? which is best way of implementing SSO across domain?
A:
The use of inproc session vs. persisted session has little to do with SSO. The main limitation of inproc sessions is that it won't work in a loadbalanced setup, but again, it has little to do with SSO. The easiest way to implement SSO is to use the Windows Identity Foundation (WIF), which is part of .net framework 4.0 (there is also a version that works with .net 3.5). Basically you just implement a passive STS. There are several walkthroughs out there.
klausbyskov
2010-10-12 08:57:11
I need to implement in ASP.net 2.0.
Dee
2010-10-12 08:58:57
Well, good luck with that then :-)
klausbyskov
2010-10-12 09:00:34
yeah that sucks. :) Your best bet would be a ASMX web service (intermediary server). Both domains would 'talk' to this web service to perform the SSO. And only this web service would deal with the session.
RPM1984
2010-10-12 09:11:00
A:
If both of these applications are using forms authentication then the solution is easy. All you have to do is configure the machineKey on both applications to be identical and set the domain on the forms cookie to be .exampledomain.com for both web.configs.
Soundsoldier
2010-10-15 23:16:32