Solved

How do i Set up a "SINGLE-SIGN-ON SERVER" to share credentials for mulitple asp.net applications

Posted on 2007-12-01
6
391 Views
Last Modified: 2008-02-01
I need to share login credntials for applications accross domains that do not have a common ancestor, e.g.

http://secrets.com/
http://mysteries.com/

There is no way to set a cookie that is included in requests to both these domains.

In this case we need a third server, the SSO server, whose purpose is to keep track of who is logged in. When you visit a page on secrets.com, if its cookie is not set, it consults the SSO server to find if the user is already logged in, in which case it silently creates the cookie and carries on as if they had already been logged in.

Can anyone reommend a way to do this via .net - or if there are any open source solutions to do this ?
0
Comment
Question by:paulCardiff
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 250 total points
ID: 20388919
Developers are allowed to build websites using the 'Live ID' (formerly passport) service.  http://dev.live.com/liveid/

I don't know of any open source projects.  This type of technology is complex to build properly if security is an issue.  Making it open source exposes weaknesses.
0
 

Author Comment

by:paulCardiff
ID: 20388932
Is this free for commerical use and can i programatically create accounts for my clients?
0
 
LVL 2

Expert Comment

by:yossi_intlock
ID: 20389215
try this (i assume that you are working with .net v 2.0 and using forms authentication): when the user sign in to one application on a domain - encrypt the auth cookie youself - you can do it by overriding the OnAuthenticate .net method.  now when the user moves to the second domain try to read this cookie by its domain name. if you  got that cookie you can decrypt it and find out the logon credencials.  you can do that by adding a global.asax file to both applications. use the Session_Start() method for reading and decrypt the auth cookie.
i havent tested this yet but i think this might work for you.  
0
Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

 
LVL 2

Assisted Solution

by:yossi_intlock
yossi_intlock earned 250 total points
ID: 20389319
i realize now that you cannot read a cookie that belong to A domain from B domain... :) but - you can still check the referer on Session_Start() in the global.asax file and if the referrer was A domain you can call a webservice on that A domain that can get those credentials for the A domain cookie and authenticate the user.
0
 
LVL 2

Expert Comment

by:yossi_intlock
ID: 20392308
im glad that i could help. if the solution worked for you or you found another way please tell us so we can enrich our knowledge. thanks..
0
 

Author Comment

by:paulCardiff
ID: 20392641
Sure please review the following link for more info i.e. http://forums.asp.net/t/1005856.aspx 
0

Featured Post

Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question