Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

What options exist for Single Sign-On and ASP.NET 4.0?

Posted on 2011-03-04
5
Medium Priority
?
397 Views
Last Modified: 2012-05-11
I have an MVC3 and Dynamic Data website that need a single sign on.

1) Can I use Windows Authentication? If so, how?
2) I am not too interested in using MS Passport
3) What other methods exist?
4) What kind of home grown solutions might there be?

Thanks,
newbieweb
0
Comment
Question by:newbieweb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 

Author Comment

by:newbieweb
ID: 35039926
5) Shared memory?
0
 

Author Comment

by:newbieweb
ID: 35040172
6) Shared Cookies?
0
 
LVL 33

Assisted Solution

by:Todd Gerbert
Todd Gerbert earned 2000 total points
ID: 35041375
1) Yes, but there are some caveats so it may not make sense in your environment.  It's probably most useful in a corporate intranet environment, where all web sites, users and computers are in the same domain (or forrest).  If all the client computers are using Internet Explorer, and the option to logon automatically for the applicable zone (or enforced with Group Policy), then you can use the WindowsTokenRoleProvider along with the built-in ASP.Net authentication and authorization mechanisms (http://msdn.microsoft.com/en-us/library/system.web.security.windowstokenroleprovider.aspx, http://msdn.microsoft.com/en-us/library/ff647401.aspx).  This achieves the effect of SSO since an interactive login is never seen, users are sliently logged into websites with whatever credentials they used to log onto their workstation.  I'm relatively certain that any browser other than IE won't behave this way.

2) Okie doke.

3) This article outlines a good alternative: http://aspalliance.com/1513_Cross_Site_Authentication_and_Data_Transfer.all

4) I'm not sure, but it may be possible for more than one site to use the SqlRoleProvider and share the same backing database.  When going from site 1 to site 2, you can pass a base64/Url-encoded encrypted string containing the user's name & password as a QueryString parameter which the landing page in site 2 can retrieve and use to attempt to login.  Or put the encrypted string in a <input type="hidden"> field on a form in site 1 that posts back to the landing page in site 2 (so the user won't see it on the URL).

6) I'm not sure how or if that would work - I was under the impression that sites are only able to retrieve their own cookies, which would present a problem for cross-site authentication.  I'm a little foggy on those details though, so I better leave that for someone else more knowledgeable on the topic to elaborate.
0
 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 2000 total points
ID: 35041483
Another option: Forms Authentication Across Applications, http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
0
 

Author Closing Comment

by:newbieweb
ID: 35056613
Forms Authentication Across Applications seems just right. Thanks :)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question