A newbie question on SSO

Discussion in 'ASP .Net Security' started by Holysmoke, Oct 8, 2004.

  1. Holysmoke

    Holysmoke Guest

    Hi,

    I am trying to implement an SSO using FormsAuthentication for all my
    applications.
    When authenticated, I am saving ApplicationID and RoleID in CSV form and
    storing it in the cookie.

    Here is the sequence of events I am trying to implement:

    When a user requests a web application for the first time, he/she is
    redirected to my SSO web application,
    which does authentication, retrieves the list of applications and their
    respective roles, and stores it in the ticket/cookie.

    When the user requests a new web application (i.e., when he/she changes to
    the new URL),
    I would like to pass the ticket (cookie) which I created before to a web
    service and check whether this user
    has some role in this application or not.

    For implementing this logic,
    I would like to know which global.asax event should I use? I see
    OnAuthenticationRequest event but don't know
    how to use it. Can you explain how that event works as I see little
    documentation about it in MSDN.

    I appreciate your help and comments,

    Holy
    Holysmoke, Oct 8, 2004
    #1

  2. Hi Holy,

    Here is a post that will show you SSO with Forms Authentication.

    http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

    If you want further insight about roles management with forms, check out
    these links as well.

    http://weblogs.asp.net/hernandl/archive/2004/07/30/FormsAuthRolesRev.aspx
    http://weblogs.asp.net/hernandl/archive/2004/08/05/FormsAuthRoles2.aspx

    Regards.
    --
    Hernan de Lahitte
    Lagash Systems S.A.
    http://www.lagash.com
    http://weblogs.asp.net/hernandl
    Hernan de Lahitte, Oct 8, 2004
    #2

  3. Holysmoke

    Holysmoke Guest

    Hi Hernan,

    Can you explain how to handle this scenario in code?

    A user asks for application 1 by typing the URL.
    The first time, he/she is redirected to SSO.
    He/she signs in successfully and accesses application 1.
    Now he types the URL of the new application 2, for which he has no roles defined.

    Now I decrypt the ticket and find no roles defined for this application.
    I want to redirect to a page saying you have no access.
    I don't want to configure this in web.config or in the code of every page.

    Is it possible to do something simple in the AuthenticateRequest event?

    TIA,
    Holy

    Now I would like to say you have no access,

    How to
    Holysmoke, Oct 8, 2004
    #3
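
The check asked about in post #3, as an added example that is not part of the thread or of the linked blog posts: a `Global.asax.cs` handler for `AuthenticateRequest` that decrypts the forms ticket, keeps only the roles for the current application, and redirects when there are none. The `appId:roleId,appId:roleId` layout of `UserData`, the application id `"2"` and the `~/NoAccess.aspx` page are assumptions made for the example.

```csharp
// Global.asax.cs -- added example, not code from the thread (.NET Framework 2.0+).
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Hypothetical values: this application's id and its "no access" page.
    private const string ThisApplicationId = "2";
    private const string NoAccessPage = "~/NoAccess.aspx";

    // Raised on every request, before page code and before <authorization> rules run.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return; // anonymous: forms authentication sends the user to the SSO login

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return; } // tampered or undecryptable cookie: stay anonymous
        if (ticket == null || ticket.Expired)
            return;

        // Assumed UserData layout: "appId:roleId,appId:roleId"
        List<string> roles = new List<string>();
        foreach (string pair in ticket.UserData.Split(','))
        {
            string[] parts = pair.Split(':');
            if (parts.Length == 2 && parts[0].Trim() == ThisApplicationId)
                roles.Add(parts[1].Trim());
        }

        // Do not redirect requests for the "no access" page itself (redirect loop).
        string noAccessUrl = VirtualPathUtility.ToAbsolute(NoAccessPage);
        bool onNoAccessPage = string.Equals(
            Request.Path, noAccessUrl, StringComparison.OrdinalIgnoreCase);

        if (roles.Count == 0 && !onNoAccessPage)
        {
            Response.Redirect(noAccessUrl, true); // ends the request here
            return;
        }

        // Expose the per-application roles to IsInRole() and <authorization> rules.
        Context.User = new GenericPrincipal(new FormsIdentity(ticket), roles.ToArray());
    }
}
```

Roles read from the cookie can be trusted only if the ticket is both encrypted and validated (`protection="All"` on the `<forms>` element) and every participating application shares the same `machineKey`. A role change made on the server does not take effect until the ticket is reissued or expires.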