using a shared session

Discussion in 'ASP .Net' started by masoud bayan, Jan 3, 2005.

  1. masoud bayan

    masoud bayan Guest

    Hi,



    We have 3 different web applications on three different websites (and
    domains). Now we want to make it possible for users to login in each of
    these applications and can navigate to other applications without
    authenticating. So generally we need to have a shared session across
    applications (a single sign-on).

    Whenever a user logins in each application a session identifier is created
    and is saved in the cookie for that session.

    1. Is there any chance to create cookies for other applications
    (websites) at the same time (login time in one of the apps)? So when user
    navigates to other sites, other server can read the session information from
    cookie?

    2. Is there any other approach that we can use to have single sign-on
    capability through our sites?



    Any advice is appreciated.



    Thanks

    Masoud
     
    masoud bayan, Jan 3, 2005
    #1
    1. Advertising

  2. Hi masoud,

    As you're talking about multiple apps, you're definitely NOT talking about
    Session. What you're describing falls more accurately into the realm of
    "messaging." You need to send a message from one app to the other to
    indicate that the user is logged into the first app, and who the user is
    logged in as. You may create a new Session for the second app after you have
    received this information, but you can not share Sessions across apps.

    In the realm of messaging, you have several alternatives. One is to pass
    data via QueryString, but that isn't secure. An alternative is to use a
    database, into which the first app puts the data, and the second app reads
    it. The first app could post a form to the second, and pass the data in that
    way. Of course, unless the data is encrypted, it is not much more secure
    than using a Query String. Another alternative is to use a Web Service to
    pass the data. For example, you could create a Web Service Method on app 2
    that takes several parameters of data about a user, and registers that user
    somehow with the app. App 1 would make a Web Service call to the Method,
    passing in the user data, and then redirect to the appropriate page in app
    2. You would have to use encryption here as well.

    You could also use Windows Messaging Services, but that is queued, and you
    need to be sure that the data has arrived by the time you redirect.

    --
    HTH,

    Kevin Spencer
    Microsoft MVP
    ..Net Developer
    Neither a follower nor a lender be.


    "masoud bayan" <> wrote in message
    news:...
    > Hi,
    >
    >
    >
    > We have 3 different web applications on three different websites (and
    > domains). Now we want to make it possible for users to login in each of
    > these applications and can navigate to other applications without
    > authenticating. So generally we need to have a shared session across
    > applications (a single sign-on).
    >
    > Whenever a user logins in each application a session identifier is created
    > and is saved in the cookie for that session.
    >
    > 1. Is there any chance to create cookies for other applications
    > (websites) at the same time (login time in one of the apps)? So when user
    > navigates to other sites, other server can read the session information
    > from
    > cookie?
    >
    > 2. Is there any other approach that we can use to have single sign-on
    > capability through our sites?
    >
    >
    >
    > Any advice is appreciated.
    >
    >
    >
    > Thanks
    >
    > Masoud
    >
    >
    >
    >
    >
    >
    >
    >
     
    Kevin Spencer, Jan 3, 2005
    #2
    1. Advertising

  3. masoud bayan

    bruce barker Guest

    you will need to do a ticket system. you can link because a cookie can not
    be shared between domains, you will have to pass the ticket to site. this
    means you can link between sites without requiring a new login, but if the
    users hit the site directly, they will be prompted for a login.

    you can use a common webservice (like ms passport) to handle the comon login
    verfication and ticket.

    -- bruce (sqlwork.com)



    "masoud bayan" <> wrote in message
    news:...
    | Hi,
    |
    |
    |
    | We have 3 different web applications on three different websites (and
    | domains). Now we want to make it possible for users to login in each of
    | these applications and can navigate to other applications without
    | authenticating. So generally we need to have a shared session across
    | applications (a single sign-on).
    |
    | Whenever a user logins in each application a session identifier is created
    | and is saved in the cookie for that session.
    |
    | 1. Is there any chance to create cookies for other applications
    | (websites) at the same time (login time in one of the apps)? So when user
    | navigates to other sites, other server can read the session information
    from
    | cookie?
    |
    | 2. Is there any other approach that we can use to have single sign-on
    | capability through our sites?
    |
    |
    |
    | Any advice is appreciated.
    |
    |
    |
    | Thanks
    |
    | Masoud
    |
    |
    |
    |
    |
    |
    |
    |
     
    bruce barker, Jan 3, 2005
    #3
  4. masoud bayan

    masoud bayan Guest

    Thank you.

    Masoud

    "masoud bayan" <> wrote in message
    news:...
    > Hi,
    >
    >
    >
    > We have 3 different web applications on three different websites (and
    > domains). Now we want to make it possible for users to login in each of
    > these applications and can navigate to other applications without
    > authenticating. So generally we need to have a shared session across
    > applications (a single sign-on).
    >
    > Whenever a user logins in each application a session identifier is created
    > and is saved in the cookie for that session.
    >
    > 1. Is there any chance to create cookies for other applications
    > (websites) at the same time (login time in one of the apps)? So when user
    > navigates to other sites, other server can read the session information

    from
    > cookie?
    >
    > 2. Is there any other approach that we can use to have single sign-on
    > capability through our sites?
    >
    >
    >
    > Any advice is appreciated.
    >
    >
    >
    > Thanks
    >
    > Masoud
    >
    >
    >
    >
    >
    >
    >
    >
     
    masoud bayan, Jan 4, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. DJ Dev
    Replies:
    3
    Views:
    16,163
    Gandalf
    Feb 8, 2004
  2. Joe Fallon
    Replies:
    3
    Views:
    775
    =?Utf-8?B?Z3V5?=
    Jul 16, 2004
  3. ben
    Replies:
    3
    Views:
    522
    Kevin Spencer
    Nov 15, 2004
  4. tshad
    Replies:
    11
    Views:
    830
    tshad
    May 27, 2005
  5. Imran Aziz
    Replies:
    1
    Views:
    549
    Stefan
    Aug 22, 2005
Loading...

Share This Page