Single Sign On in asp.net 3.5 c#

0
votes

in default website i have 2 asp.net web application App1 and App2.both has same login control when user logins username and password is validated in users table in sql database.logined user information are stored in 3 session variables. after login app1 redirects to profile.aspx and app2 redirects to dashboard.aspx. profile.aspx has a link app2 and dashboard.aspx has link app1.if user clicks on the link he should be already login for that application. if user logout from any one application he should get logout for both application.

how to put above sso feature in my App1 and App2

3
asp.netformsauthenticationimplementationsingle-sign-on

3 Answers

0
votes

I suggest you take a look at Windows Identity Foundation.

0
votes

Are the applications going to be in the same domain? If it is then all you need to do is set the forms authentication of App 2 to App 1 or the other way around, and make sure you have the same machine key specified for both applications. This article gives more explanation on how to implement SSO in sub-domain: http://www.codeproject.com/Articles/27576/Single-Sign-on-in-ASP-NET-and-Other-Platforms

0
votes

I am assuming forms authentication is used in your application. Forms authentication generates authentication ticket to validate consequent user requests and uses "machine key" to sign the authentication ticket. By having same machine key for all applications will resolve the issue. However, there are different scenarios to be considered depending on the scope of the applications which needs to be integrated.

  1. Configured as virtual directories inside same domain
  2. Configured as sub domains
  3. Completely two different sites

1 and 2 can be resolved by specifying same machine key in web.config.

3 requires custom solution such as passing encrypted parameters via query string.

More information on machine key can be found here.