Cross Application Authentication and Session sharing
Posted on 2007-11-28
Hey there guys,
I have been devloping an app here at work for the last few months now. Originally i had multiple applications witht he websites content pages as one of the applications and as the "landing" application of the domain. The user could then navigate to another application via a virtual directory setup pointing to it and login. The third application also requires login but when the user bounced from one app (already logged in) to this one, they had to login again. other issues with this was holding a session of the users first and last name to be displayed on all applications as they browsed.
This type of setup evolved into one master app (or god app) that housed all three applications and then allowed use to naviagte around them holding authentication and sessions.
This last week i have grown increasingly nervous of this type of setup. There just is no failsafes built in, if one app is update the entire "god app" has be be republished, or if there is an issue with app two, all applications need to be brought down. I just don't like it.
So after months of work i am going to propose to my boss seperating the apps once again, with some sort of system between them to hold authentication information as they bounce from app to app and also hold sessions as they navigate around.
This is where i need help. the "god app" currently uses forms authentication. Can someone give me some resources on Cross Application Authentications and holding sessions accross applications.