Reputation: 7533
I have an ASP.NET site on a public web server, where users log in using forms authentication.
I would like users within certain organisations to be able to log in automatically through Windows authentication (bypassing the login page). However, because these clients are on lots of different servers, I can't just build in Windows security to the main site. (I know there are articles on how to mix Windows and Forms security.)
My idea is for each organisation to install a page onto their intranet which redirects to my website and authenticates the user according to their Windows domain and username. Is this possible to achieve securely? How could I go about doing it?
Upvotes: 0
Views: 292
Reputation: 1567
What you have described is almost federated identity.
As well as a page on each site, you will also need a webservice which will validate a token.
Essentially the flow is:
- User comes to your logon page
- you redirect them to their company logon page
- their company logon page takes their credentials and redirects back to you returning a token
- you then call their webservice to validate the token and determine who the user is.
Many public APIs use this scheme (Facebook being a notable example).
Look up OAuth and federated identity for more information.
Upvotes: 1
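The token issue and validation steps from the answer above, as an added C# example that is not part of the original posts. The class name `OrgTokenService`, the 60-second lifetime, the audience check and the sample user and URLs are assumptions, both sides are simulated in one process, and it targets .NET 6 or later.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Organisation side: the intranet page issues a token after Windows authentication,
// and the validation web service redeems it. Hypothetical class, simulated in-process.
public sealed class OrgTokenService
{
    private sealed record Entry(string User, string Audience, DateTimeOffset Expires);
    private readonly ConcurrentDictionary<string, Entry> _issued = new();
    private static readonly TimeSpan Lifetime = TimeSpan.FromSeconds(60); // assumed lifetime

    // Called by the intranet page once the Windows user has been authenticated.
    public string Issue(string windowsUser, string audience)
    {
        // 256 bits from the CSPRNG: the token is an opaque reference and carries
        // no identity itself, so nothing useful can be forged or read from the URL.
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _issued[token] = new Entry(windowsUser, audience, DateTimeOffset.UtcNow + Lifetime);
        return token;
    }

    // Called server-to-server by the public site.
    // Returns null for unknown, replayed, expired or misdirected tokens.
    public string? Validate(string token, string audience)
    {
        if (!_issued.TryRemove(token, out var e)) return null; // single use: gone after first redemption
        if (e.Expires < DateTimeOffset.UtcNow) return null;    // too old
        if (!string.Equals(e.Audience, audience, StringComparison.Ordinal)) return null; // issued for another site
        return e.User;
    }
}

public static class Demo
{
    public static void Main()
    {
        var org = new OrgTokenService();
        const string site = "https://app.example.com";     // constructed relying-party URL
        string token = org.Issue(@"CONTOSO\alice", site);  // constructed domain\user

        Console.WriteLine(org.Validate(token, site) ?? "rejected"); // first redemption
        Console.WriteLine(org.Validate(token, site) ?? "rejected"); // same token replayed
        string other = org.Issue(@"CONTOSO\alice", "https://other.example.net");
        Console.WriteLine(org.Validate(other, site) ?? "rejected"); // token issued for a different site
    }
}
```

In a deployment the `Validate` call would go over HTTPS from the public site to the organisation's web service, and the public site would map the returned domain and user name to its own forms-authentication account.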