How do i Set up a "SINGLE-SIGN-ON SERVER" to share credentials for mulitple asp.net applications

I need to share login credntials for applications accross domains that do not have a common ancestor, e.g.

http://secrets.com/
http://mysteries.com/

There is no way to set a cookie that is included in requests to both these domains.

In this case we need a third server, the SSO server, whose purpose is to keep track of who is logged in. When you visit a page on secrets.com, if its cookie is not set, it consults the SSO server to find if the user is already logged in, in which case it silently creates the cookie and carries on as if they had already been logged in.

Can anyone reommend a way to do this via .net - or if there are any open source solutions to do this ?
paulCardiffAsked:
Who is Participating?
 
Ted BouskillSenior Software DeveloperCommented:
Developers are allowed to build websites using the 'Live ID' (formerly passport) service.  http://dev.live.com/liveid/

I don't know of any open source projects.  This type of technology is complex to build properly if security is an issue.  Making it open source exposes weaknesses.
0
 
paulCardiffAuthor Commented:
Is this free for commerical use and can i programatically create accounts for my clients?
0
 
yossi_intlockCommented:
try this (i assume that you are working with .net v 2.0 and using forms authentication): when the user sign in to one application on a domain - encrypt the auth cookie youself - you can do it by overriding the OnAuthenticate .net method.  now when the user moves to the second domain try to read this cookie by its domain name. if you  got that cookie you can decrypt it and find out the logon credencials.  you can do that by adding a global.asax file to both applications. use the Session_Start() method for reading and decrypt the auth cookie.
i havent tested this yet but i think this might work for you.  
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

 
yossi_intlockCommented:
i realize now that you cannot read a cookie that belong to A domain from B domain... :) but - you can still check the referer on Session_Start() in the global.asax file and if the referrer was A domain you can call a webservice on that A domain that can get those credentials for the A domain cookie and authenticate the user.
0
 
yossi_intlockCommented:
im glad that i could help. if the solution worked for you or you found another way please tell us so we can enrich our knowledge. thanks..
0
 
paulCardiffAuthor Commented:
Sure please review the following link for more info i.e. http://forums.asp.net/t/1005856.aspx 
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.