Consuming user/auth info from Rails app in ASP.Net Web application

Question

I have two applications - one built in Ruby (v1.9.2 I think) on Rails and another simple reporting application built with ASP.Net that is basically a front end to some Reporting Services reports. What I'd like to do is provide a single sign-on type of functionality from the Rails app to the ASP.Net web app. Is there a way this can be done?

Note: I can always pass user information in to the ASP.Net web application via the request using the query string or some such mechanism, but that feels a little dirty.

Answer 1

A simple solution would be to have the two apps on the same domain, but in separate subdomains, e.g.:

• reporting.mydomain.com
• login.mydomain.com

And then have a shared cookie (set the cookie domain to .mydomain.com).

Your ASP.NET application can then check your Rails login app (via a webservice / REST API) to get the user name and login status from the session ID.

Though I also think OAuth is a great way to go, this would work :)

Answer 2

I assume your question relates to 'end user' experience. In this case you should use OAuth. Basically you need to support a following workflow:

• User will access .net reporting application.
• it'll redirect a user to Rails app, where user will be asked to grant access to 'his' data
• User, upon accepting, will be redirected back to .net app, with an ouath token

Here Rails app will server as OAuth provider and ,net app as an OAuth client.

It may sound as an overkill but this approach has many advantages:

• you can control which apps have access to user data
• clear separation of roles and auth
• using industry standard OAuth will allow other to use your service
• there are many OAuth libraries which will help with other languages