SSO with Shared Credential Repository or what?
Posted on 2008-06-22
We are next to develop a small network of portals starting from a first successful one.
Now since I'm the developer (the only one...) the first issue to deal with was having a single authentication system for all the network.
We will first port the site from ASP to ASP.NET and then clone it for the network. This means I'll write the portal from basics using the advantages of ASP.NET.
I ready many useful posts on the net about SSO and about SSO with a Shared Credential Repository (SCR) in .NET but none of those went far from "how" you develop it.
My problem is not how to setup the login/cookie thing but how to manage users AFTER their id and pass has been checked.
I mean, after the user is logged, I may have different roles in one application and other roles in another one. He may be an editor in one application and only a reader in the other one, or maybe have mixed roles based on categories of the contents in both applications.
Also when this user insert something in that application db (for example an article), how do I tied the article to that user in that application DB if I don't have a user db there but is in a shared repository?
To better understand here is a pratical example:
We have 2 portals making up the network: dogs and cats
In the dogs portal the user can write articles in the categories "dog therapy", "dog food".
In the cats portal the user can write in articles in the category "how dogs beat cats up!"
The problem I'm facing is how to manage this kind of situation with a SSO and how I bind the records (the articles) to the user with a Shared Repository.
And if I don't use a Shared Repository ho can I sync several user credientials and profiles over severals DBs of the portal network?
This is the real question ..... and I found no hint on the net.
Thanks in advance.