Best Way to Maintain User Security Token Across Multiple Servers?

Discussion in 'ASP .Net' started by Larry Page, Sep 16, 2005.

  1. Larry Page

    Larry Page Guest

    What started off as a request for a Single Sign On solution is grown to the
    point where I need to make some long term design decisions and I'm hoping to
    get some input on how others are handling the same issues. I've spent the
    last two years moving applications to an intranet web portal, which morphed
    into a Internet portal, and now is providing extranet data feeds via web
    services. The latest twist came when users began to question why they had
    to use a seperate logon to access the Internet site our Marketing department
    created independently to fill a perceived need for eye candy. This issue
    was addressed by creating a web service that the Marketing site could use to
    'pass through' logon credentials back to Active Directory.

    Sorry about the long history lesson! The current issue is, as users bounce
    from system to system they are prompted to logon to each server. What they
    want is to logon once and use every resource. I've determined I have no
    recourse but to abandon integrated authentication and use forms based. The
    question I'm posing is, which of the dozen different solutions I've read
    about is going to provide the best fit for our scenario. All of our web and
    sql servers are windows OS and the external Internet site is also built on
    dot net. I've setup an out of process state server, but don't have the
    option of bringing the external site into the domain. What I'd like to do
    is build a centralized server that would handle all security requests
    regardless of source. The only way I think of to do this would require some
    sort of token passing between systems, but I've found few practical
    examples, and no case histories.

    This is too large of a project to take a gamble on. Has anyone faced and
    conquered a similiar situation that could point me in the right direction?

    Thanks in advance,

    Larry
    Larry Page, Sep 16, 2005
    #1
    1. Advertising

  2. I have not written an app that uses this but have you looked
    into .NET Passport Authentication? Is this a good fit
    for you?

    http://msdn.microsoft.com/library/d...ml/cpconThePassportAuthenticationProvider.asp

    --
    Robbe Morris - 2004/2005 Microsoft MVP C#
    EggHeadCafe's RSS Search Engine
    http://www.eggheadcafe.com/articles/multisearch/default.aspx




    "Larry Page" <> wrote in message
    news:FHGWe.66174$...
    > What started off as a request for a Single Sign On solution is grown to
    > the point where I need to make some long term design decisions and I'm
    > hoping to get some input on how others are handling the same issues. I've
    > spent the last two years moving applications to an intranet web portal,
    > which morphed into a Internet portal, and now is providing extranet data
    > feeds via web services. The latest twist came when users began to
    > question why they had to use a seperate logon to access the Internet site
    > our Marketing department created independently to fill a perceived need
    > for eye candy. This issue was addressed by creating a web service that
    > the Marketing site could use to 'pass through' logon credentials back to
    > Active Directory.
    >
    > Sorry about the long history lesson! The current issue is, as users
    > bounce from system to system they are prompted to logon to each server.
    > What they want is to logon once and use every resource. I've determined I
    > have no recourse but to abandon integrated authentication and use forms
    > based. The question I'm posing is, which of the dozen different solutions
    > I've read about is going to provide the best fit for our scenario. All of
    > our web and sql servers are windows OS and the external Internet site is
    > also built on dot net. I've setup an out of process state server, but
    > don't have the option of bringing the external site into the domain. What
    > I'd like to do is build a centralized server that would handle all
    > security requests regardless of source. The only way I think of to do
    > this would require some sort of token passing between systems, but I've
    > found few practical examples, and no case histories.
    >
    > This is too large of a project to take a gamble on. Has anyone faced and
    > conquered a similiar situation that could point me in the right direction?
    >
    > Thanks in advance,
    >
    > Larry
    >
    >
    Robbe Morris [C# MVP], Sep 16, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. RichardF
    Replies:
    2
    Views:
    41,120
    James jameson
    Apr 16, 2008
  2. Cronus
    Replies:
    1
    Views:
    643
    Paul Mensonides
    Jul 15, 2004
  3. G Fernandes
    Replies:
    1
    Views:
    511
  4. Wessi
    Replies:
    3
    Views:
    830
    Lawrence Kirby
    Aug 11, 2005
  5. =?Utf-8?B?Y2FzaGRlc2ttYWM=?=

    This is an unexpected token. The expected token is 'NAME'

    =?Utf-8?B?Y2FzaGRlc2ttYWM=?=, Jul 13, 2007, in forum: ASP .Net
    Replies:
    2
    Views:
    770
    =?Utf-8?B?Y2FzaGRlc2ttYWM=?=
    Jul 13, 2007
Loading...

Share This Page