Cross Domain Auto Login

Discussion in 'ASP .Net Security' started by grimgroups@gmail.com, Dec 30, 2004.

  1. Guest

    I have multiple asp.net websites living in different domains. The
    websites (pages, code, etc) are all identical. The databases driving
    the websites are different. This is not a web farm.

    I use Forms Authentication as the authentication method against custom
    users and passwords stored in the databases. Assume the user/password
    information is replicated across all the databases.

    I would like to provide seamless navigation across the websites. In
    other words, if the user has logged into website A and they click a
    link which leads them to website B, I don't want them to have to login
    with the same credentials on website B.

    One solution is to save the credentials they used in session and then
    pass them as url parameters to the login page. The login page would
    have to know how to use the parameters. This is obviously a large
    security hole and generally bad practice.

    Another idea is to again save the credentials in session and manually
    post to the login page with the credentials as post parameters (assume
    ssl). The trick is to save the resulting cookie and reuse it when
    redirecting the user to the requested page on the new website. I can't
    get this working for a number of reasons and thought I would post here
    to see if this has been done before or if anyone had any other ideas on
    this topic.

    Thanks.
    Grim
     
    , Dec 30, 2004
    #1
    1. Advertising

  2. I think it might be of some help this post:
    http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

    Regards,

    Hernan de Lahitte
    http://weblogs.asp.net/hernandl
    http://www.lagash.com/english/index.html

    <> wrote in message
    news:...
    >I have multiple asp.net websites living in different domains. The
    > websites (pages, code, etc) are all identical. The databases driving
    > the websites are different. This is not a web farm.
    >
    > I use Forms Authentication as the authentication method against custom
    > users and passwords stored in the databases. Assume the user/password
    > information is replicated across all the databases.
    >
    > I would like to provide seamless navigation across the websites. In
    > other words, if the user has logged into website A and they click a
    > link which leads them to website B, I don't want them to have to login
    > with the same credentials on website B.
    >
    > One solution is to save the credentials they used in session and then
    > pass them as url parameters to the login page. The login page would
    > have to know how to use the parameters. This is obviously a large
    > security hole and generally bad practice.
    >
    > Another idea is to again save the credentials in session and manually
    > post to the login page with the credentials as post parameters (assume
    > ssl). The trick is to save the resulting cookie and reuse it when
    > redirecting the user to the requested page on the new website. I can't
    > get this working for a number of reasons and thought I would post here
    > to see if this has been done before or if anyone had any other ideas on
    > this topic.
    >
    > Thanks.
    > Grim
    >
     
    Hernan de Lahitte, Jan 3, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Infant Newbie
    Replies:
    2
    Views:
    3,267
    Infant Newbie
    Nov 12, 2003
  2. Replies:
    1
    Views:
    3,478
    CyberOwl
    Sep 7, 2009
  3. =?Utf-8?B?V2FyYW4=?=

    Auto-Suggested Textbox like google auto suggest

    =?Utf-8?B?V2FyYW4=?=, Apr 20, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    8,535
    inrakeshworld
    Jul 27, 2007
  4. linkswanted
    Replies:
    1
    Views:
    936
  5. Replies:
    2
    Views:
    170
Loading...

Share This Page