Login Once to Access Two Sites

Discussion in 'ASP .Net' started by Jeff, Nov 22, 2005.

  1. Jeff

    Jeff Guest

    Using 1.1...
    I want to enable users to authenticate to one site, then be transferred to a
    2nd site without having to also log in there. In other words, authenticating
    to site1 automatically authenticates users in site2. FWIW: These two sites
    are at different domain names, but they are on the same server and I have
    complete administrative control over both.

    Can this be done? If so, I'd appreciate some high-level direction.

    Thanks!
     
    Jeff, Nov 22, 2005
    #1
    1. Advertising

  2. Jeff

    Brock Allen Guest

    If they were on the same server, then it's be no problem as it's easy enought
    o share the Forms Auth cookie across the two as long as <machineKey> is sync'd
    across the two apps. But since this is cross domain, then you're going to
    have to build some sort of auth handshake between the two sites (sort of
    what passport does). It's not hard, but also it's not trivial.

    The high level design would be something like the user hits site 1 and auths.
    When you want them to then access site 2 (diff domain) then site 1 would
    have to build some sort of link with a querty string for site 2. The query
    string would have to contain the username that was used to auth at site 1.
    It would also have to be encrypted with a key that site 2 would be able to
    decrypt. The user hits the link to hit site 2. Site 2 decrypts the query
    string and now knows who the user is.

    At least this is the high level idea.... I don't have anymore details than
    this though. And there are probabaly more secure and/or spohisticated approaches
    to this. Perhaps posting in the security newsgroup you'd get people with
    ideas and/or links for samples on this.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen

    > Using 1.1...
    > I want to enable users to authenticate to one site, then be
    > transferred to a
    > 2nd site without having to also log in there. In other words,
    > authenticating
    > to site1 automatically authenticates users in site2. FWIW: These two
    > sites
    > are at different domain names, but they are on the same server and I
    > have
    > complete administrative control over both.
    > Can this be done? If so, I'd appreciate some high-level direction.
    >
    > Thanks!
    >
     
    Brock Allen, Nov 22, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kevin Buchan
    Replies:
    1
    Views:
    472
    Eric Lawrence [MSFT]
    Feb 20, 2004
  2. darrel
    Replies:
    23
    Views:
    1,974
    Juan T. Llibre
    Oct 4, 2005
  3. Stefan Caliandro
    Replies:
    2
    Views:
    626
    Beauregard T. Shagnasty
    Feb 14, 2005
  4. Jasbird

    Sites about web-sites ?

    Jasbird, Sep 12, 2006, in forum: HTML
    Replies:
    1
    Views:
    396
  5. imx
    Replies:
    10
    Views:
    798
Loading...

Share This Page