Reputation: 2909
ASP.NET external authentication
I have an asp.net application in which I have used forms authentication.
Now, there is a need that user authentication is done outside of my application. There will be an intro page which will do needed authentication. Then, after authentication is successful user should be redirected to my app.
Of course, if user is not authenticated via that external page and tries to access my app directly, I need to redirect him back to this external log in page.
What's the best way to implement such a functionality? One way which I think is feasible is that I transfer some particular encrypted string in cookie from external login page and verify it in my application. So, based on that, I can see if user is authenticated via this external page or not.
Upvotes: 0
Views: 479
Answers (4)
Reputation: 2909
At the end we decided to use SAML 2.0 protocol.
External login page posts SAML complient XML digitally signed with certificate to other application. In this XML authenticated username is transferred. Application which receives this XML verifies digital signature with certificate's public key, and if validation is OK, reads username from XML, applies internal application authorization logic and at the end creates auth. cookie. We will probably add encryption so data protection would be complete.
Upvotes: 0
Reputation: 15673
You probably should no be rolling your own single sign on solution in 2011. Rather, you should look at some emerging standards -- particularly OAuth and OpenID. Getting rolling with them is easy -- check out the OpenID website template on MSDN.
Upvotes: 0
Reputation: 6543
I would simply go with adding a Webservice in the first application that you in your stage can connect to a check if the user is logged in, the only problem with this is that you need to know which user whants access to your site and also to confirm that this is truly that user (So a user cant use other users who are logged in). This info could probably be sent via a cookie.
Upvotes: 0
Reputation: 422
Your own suggestion of validating the external site's cookie is how I would implement this functionality as well.
Upvotes: 0
Related Questions
- External Login Authentication in Asp.net core 2.1
- asp.net authentication for any third party
- ASP.NET External Login Provider
- Windows authentication for internal users and Login.aspx for external user
- ASP.NET Authentication
- ASP.NET MVC Forms authentication against external web service
- forms authentication in mvc app, authenticating with external service
- ASP.NET authentication
- ASP.Net Cross-Site Authentication
- Integrated authentication and external access