Cross Domain Auto Login

Discussion in 'ASP .Net Security' started by grimgroups@gmail.com, Dec 30, 2004.

  1. Guest

    I have multiple asp.net websites living in different domains. The
    websites (pages, code, etc) are all identical. The databases driving
    the websites are different. This is not a web farm.

    I use Forms Authentication as the authentication method against custom
    users and passwords stored in the databases. Assume the user/password
    information is replicated across all the databases.

    I would like to provide seamless navigation across the websites. In
    other words, if the user has logged into website A and they click a
    link which leads them to website B, I don't want them to have to login
    with the same credentials on website B.

    One solution is to save the credentials they used in session and then
    pass them as url parameters to the login page. The login page would
    have to know how to use the parameters. This is obviously a large
    security hole and generally bad practice.

    Another idea is to again save the credentials in session and manually
    post to the login page with the credentials as post parameters (assume
    ssl). The trick is to save the resulting cookie and reuse it when
    redirecting the user to the requested page on the new website. I can't
    get this working for a number of reasons and thought I would post here
    to see if this has been done before or if anyone had any other ideas on
    this topic.

    Thanks.
    Grim
     
    , Dec 30, 2004
    #1
    1. Advertisements

  2. I think it might be of some help this post:
    http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

    Regards,

    Hernan de Lahitte
    http://weblogs.asp.net/hernandl
    http://www.lagash.com/english/index.html

    <> wrote in message
    news:...
    >I have multiple asp.net websites living in different domains. The
    > websites (pages, code, etc) are all identical. The databases driving
    > the websites are different. This is not a web farm.
    >
    > I use Forms Authentication as the authentication method against custom
    > users and passwords stored in the databases. Assume the user/password
    > information is replicated across all the databases.
    >
    > I would like to provide seamless navigation across the websites. In
    > other words, if the user has logged into website A and they click a
    > link which leads them to website B, I don't want them to have to login
    > with the same credentials on website B.
    >
    > One solution is to save the credentials they used in session and then
    > pass them as url parameters to the login page. The login page would
    > have to know how to use the parameters. This is obviously a large
    > security hole and generally bad practice.
    >
    > Another idea is to again save the credentials in session and manually
    > post to the login page with the credentials as post parameters (assume
    > ssl). The trick is to save the resulting cookie and reuse it when
    > redirecting the user to the requested page on the new website. I can't
    > get this working for a number of reasons and thought I would post here
    > to see if this has been done before or if anyone had any other ideas on
    > this topic.
    >
    > Thanks.
    > Grim
    >
     
    Hernan de Lahitte, Jan 3, 2005
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Infant Newbie
    Replies:
    2
    Views:
    3,489
    Infant Newbie
    Nov 12, 2003
  2. Replies:
    1
    Views:
    3,669
    CyberOwl
    Sep 7, 2009
  3. Martin Doyle

    Cross-domain cookie synchronisation

    Martin Doyle, Apr 20, 2005, in forum: Java
    Replies:
    0
    Views:
    1,065
    Martin Doyle
    Apr 20, 2005
  4. =?Utf-8?B?V2FyYW4=?=

    Auto-Suggested Textbox like google auto suggest

    =?Utf-8?B?V2FyYW4=?=, Apr 20, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    8,759
    inrakeshworld
    Jul 27, 2007
  5. Replies:
    0
    Views:
    407
  6. legendbb
    Replies:
    0
    Views:
    790
    legendbb
    May 9, 2006
  7. Stian Lavik
    Replies:
    1
    Views:
    904
    Danno
    May 24, 2006
  8. Replies:
    2
    Views:
    294
Loading...