I created a home grown Single Sign-On and have it working where one site has a button which opens up the second website. I create a link with username and a time stamp and read the "un" and "ts" variables in the Global.asax.cs Session_Start() succesfully.
It's working fine, but it's not yet endoded. I am testing it internally, and never expect to release it over the web. It's an internal website for internal use.
I do plan to encrypt the username and timestamp later. For now, please explain if I need to add HTML encoding, and why I need it.