How can I implement single sign-on across domains? I have two or more domains and I want all of them to authenticate through one server using SqlMembershipProvider (ASP.NET 2.0 membership database). I have the domain foo.com, which hosts the ASP.NET membership database, and another domain bar.com, which wants to authenticate through foo.com. I found a lot of articles on the internet for different applications in the same domain, but for different domains I didn't find a full article describing the cycle; I saw some using the FormsAuthenticationTicket class or the FormsAuthentication class. I know the machineKey in web.config should be the same. I thought it would be easy by letting foo.com, once he is authenticated, just duplicate the authentication cookie and change the cookie's domain from foo.com to bar.com, but I figured out that I can't control other domains' cookies! So is there any way to make it work?

Thank you and regards, Ahmed

A: 

It's not an easy question, but I can give you a few hints.

In order to work with the ASP.NET web.config settings that allow anonymous access or require a user to be signed in, you need to create a module that hooks HttpApplication.EndRequest, and checks for HTTP error 401 (this means authentication is needed).
Reset the error code and redirect to your single sign-on site. Here you can sign on as usual.

The hardest part now starts: you need to transmit the user credentials over the wire to the other server in a secure way. You can do this with symmetric encryption and a shared secret, or by exchanging a secret over asymmetric encryption.

The HttpModule on the other side now picks up the redirect back from the login site, checks that the login ticket is valid, and replaces HttpContext.User (be sure to encapsulate the existing user, if there is one, so you can route the IsInRole call to that IPrincipal).

Sander Rijken
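As an added example (my own code, not from the answer above or any project), this is a bar.com-side IHttpModule along the lines Sander describes, using a FormsAuthenticationTicket encrypted under the shared machineKey as the secure transport instead of hand-rolled symmetric encryption. SsoLoginUrl, the ssoTicket parameter/cookie name and SsoPrincipal are assumed names, and foo.com's login page is assumed to redirect back to ReturnUrl with the encrypted ticket appended.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class CrossDomainSsoModule : IHttpModule
{
    // Assumptions: foo.com hosts the login page, both sites share one <machineKey>, and the
    // login page sends the browser back with ?ssoTicket=FormsAuthentication.Encrypt(ticket).
    const string SsoLoginUrl = "https://foo.com/Login.aspx";
    const string TicketName = "ssoTicket";   // query-string parameter and local cookie name
    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;
        app.EndRequest += OnEndRequest;      // the 401 hook the answer describes
    }
    // A protected resource produced 401: replace it with a redirect to the SSO site carrying
    // the absolute return URL (Redirect resets the status to 302 and sets Location).
    static void OnEndRequest(object sender, EventArgs e)
    {
        var ctx = ((HttpApplication)sender).Context;
        if (ctx.Response.StatusCode != 401) return;
        string returnUrl = HttpUtility.UrlEncode(ctx.Request.Url.GetLeftPart(UriPartial.Path));
        ctx.Response.Redirect(SsoLoginUrl + "?ReturnUrl=" + returnUrl, false);
    }
    // Pick up the ticket (query string on the way back, our own cookie afterwards),
    // decrypt and validate it with the shared machineKey, then replace HttpContext.User.
    static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        var ctx = ((HttpApplication)sender).Context;
        HttpCookie cookie = ctx.Request.Cookies[TicketName];
        string raw = ctx.Request.QueryString[TicketName] ?? (cookie != null ? cookie.Value : null);
        if (string.IsNullOrEmpty(raw)) return;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(raw); }
        catch (Exception) { return; }        // tampered ticket or mismatched machineKey
        if (ticket == null || ticket.Expired) return;
        if (cookie == null)                  // first visit: keep the ticket in a bar.com cookie
            ctx.Response.Cookies.Add(new HttpCookie(TicketName, raw) { HttpOnly = true, Secure = true });
        ctx.User = new SsoPrincipal(new GenericIdentity(ticket.Name, "SSO"), ctx.User);
    }
    public void Dispose() { }
}
// Wraps the principal ASP.NET already set so IsInRole is routed to it (e.g. the RoleProvider).
public class SsoPrincipal : IPrincipal
{
    readonly IPrincipal inner;
    public SsoPrincipal(IIdentity id, IPrincipal inner) { Identity = id; this.inner = inner; }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string role) { return inner != null && inner.IsInRole(role); }
}
```

Because the ticket travels in the query string, give it a short expiry and serve both sites over HTTPS so it cannot be picked up from logs or referrers. With Forms authentication enabled, this module's EndRequest handler must run before FormsAuthenticationModule's, otherwise that module turns the 401 into its own relative-ReturnUrl redirect first.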
A: 

Can you give me an example of how to handle the HTTP status code from an HttpModule? And I still want to authenticate the user using normal ASP.NET membership (aspnetdb). Another question: which part of ASP.NET handles the redirect to the login page and adds the referrer to the ReturnUrl query string as a relative path rather than the full path? I want to handle it so it redirects to the full path. Also, what about web services: is it possible that I can authenticate through a web server, and how?

Pr0fess0rX