CODEWITHSUNDEEP
wordpresssingle-sign-on
Rabiul Islam
Rabiul Islam

Reputation: 1

Implementing Single Sign On

I am developing 2 web application, one is developed on WordPress and another one in Asp.net MVC. We allow FB,Google Id to login from both application.

The site developed in WordPress, user can login to that site using FB Id and by clicking a link I load my asp.net mvc site in a Iframe on WordPress site.

As user logged in already in WordPress site, I want user authentication and authorization will be done using some token passed from Wordpress site to asp.net site. Currently I am passing encrypted url and I am passing some information. I am not sure, it is a standard/recommendation way.

I think there is something standard to solve this problem. I want to know that.

Upvotes: 0

Views: 933

Answers (2)

Eugenio Pace
Eugenio Pace

Reputation: 14212

The WP user is not technically authenticated with WP, it is to FB or Google. All you need to do is have your ASP.NET MVC app accept FB or Google identities and SSO will "just work". You don't need to pass anything from WP to ASP.NET.

FB and Google operate slightly differently, but both will support OAuth (and OpenId). in the .NET app one library you can use is DotNetOpenAuth (which comes with MVC4 already). Alternatively you can rely on a 3rd party service to handle authentication to Google/FB (and potentially others: twitter, linkedin, etc). This 3rd party service is technically referred to as a "Federation Provider" (FP) and is in essence a broker between your apps and other identity systems:

WP   -+          +-> FB
      |          |     
.NET -+ --> FP --+-> Google 
...   |          |

app3 -+          +-> Others

The advantage of this model is that you can change identity providers later on without affecting your app, and you can add apps without having to register them in all Identity providers.

One such service is Windows Azure Active Directory which works out of the box with FB and Google. Another one is Auth0. (Full disclosure: this is where I work).

Upvotes: 1

Mahesh Guruswamy
Mahesh Guruswamy

Reputation: 769

SAML (Security Assertion Markup Language) is a widely adopted technique to enable single sign on between two disparate domains/web sites. More information at http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language. Another technique made popular by social networking sites is OAUth. More information at http://en.wikipedia.org/wiki/Oauth. The FB developer pages also have excellent information about OAUth

Upvotes: 0

Related Questions