Single login/logout for two different websites: How?


A

Author

1. We have two different asp.net websites (created as website projects
instead of web application projects).

2. We need to provide single login and logout for both websites. In
other words, a user logs in, clicks on Site A, s/he should be able to
access Site A, if s/he clicks on Site B, s/he should be able to access
Site B. If the user logs out, s/he should logout both websites.

Site A has these navigation menus:

Home | Menu1 | Menu2 | Menu3 | Site B | Logout

Site B has these navigation menus:

Home | Menu1 | Menu2 | Menu3 | Site A | Logout

What is the best solution such that when a user logs in, both
applications are aware of this authenticated user, and when s/he logs
out, s/he is logged out of both?

I am thinking of storing the session id, user name in a sql server
database, and pass the session id to either site in a query string.
Will this work? What problem should I anticipate?

Anyone did this before?
 
Ad

Advertisements

A

Author

You can do it, to an extent (some caveats).

First you have to set up your machine keys so both sites us the same tokens
(web.config)
Next you set the cookie name to the same name (web.config)
Caveat: Cannot share session information, so you have to persist this off

I am probably missing a step in the above process, but that is the basics of
it. If you need to share session information, you have to persist it to a
store that both sites are configured to use.

I am imagine you can also kludge up the ASP.NET session, but I think that is
risky.

Perhaps with Geneva you can share tokens and end up witha  really nice
single sign on. You can do the same with other token paradigms (Kerberos,
etc.).

"

Thanks.

I don't really need to share session, because the two web applications
are doing different things. The only thing that needs to be shared is
the user name.

I think I can do this:

1) When the user jumps from this site to that site, I pass along the
session ID, with which the other site can get the user name from the
database.
2) When the user clicks on Logout from site A, I abandon the session,
SignOut the form and then immediately redirects to the logout of the
other site where the other site's logout logic is executed.

Not sure if this will work, especially uncertain if cross-site
redirect will work. Well, I'm gonna give the idea a shot.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top