Reputation: 839
I have made an ASP.NET MVC application that has custom forms authentication. Besides that, it needs to authenticate users from SharePoint (in other words, I need to pass the user from SharePoint to the ASP.NET MVC application). SP and the ASP.NET MVC app are in the same domain, and SP is using AD to authenticate users. I have searched Google/SO and so far I haven't found any good solution.
Note: I need a secure way of passing the user from SP to the ASP.NET MVC application ... I saw a few examples that pass the user through a URL parameter, and I think that this is not a secure thing to do.
Upvotes: 0
Views: 1284
Reputation: 30152
You could configure SP for a custom forms auth provider which in turn validates to the domain - then you are sharing forms auth tokens between apps which is fairly easy:
http://msdn.microsoft.com/en-us/library/ie/eb0zx8fc.aspx
Upvotes: 0
Reputation: 7243
Why not use a URL parameter?
    using System;

    public class SecureToken {
        public Int32 UserId { get; set; }
        public DateTime DateCreated { get; set; }
        public DateTime ValidTill { get; set; }

        public SecureToken(Int32 userId) {
            this.UserId = userId;
            this.DateCreated = DateTime.Now;
            this.ValidTill = this.DateCreated.AddMinutes(0.5);
        }

        public String ToEncryptedToken() {
            // Do serialization,
            // then encrypt with, for example, TripleDES,
            // escape for URL,
            // and return the string argument for the URL.
            throw new NotImplementedException(); // outline only: steps above are not implemented
        }

        public static SecureToken Decrypt(String input) {
            // If the DateCreated == ValidTill - 30 seconds
            // If ValidTill > Now
            // If decryptable
            // Return deserialized token,
            // else throw authentication error.
            throw new NotImplementedException(); // outline only: steps above are not implemented
        }
    }
The point here is that the token, while in the URL, is viable only for 30 seconds. As an additional parameter you can use HMAC-SHA256 during serialization and check whether this is really your token.
Upvotes: 2
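The answer above proposes a 30-second token with an HMAC-SHA256 check that it is really yours; the following is an added example of that check in C#, not the answerer's code. It signs the token instead of encrypting it with TripleDES (the user id is readable but cannot be altered), and the class name, method names and the shared `key` held by both applications are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example (hypothetical names). Token layout:
//   base64url("userId|expiryTicks") + "." + base64url(HMAC-SHA256(key, payload))
public static class SignedUrlToken
{
    static readonly TimeSpan Lifetime = TimeSpan.FromSeconds(30);
    public static string Create(int userId, byte[] key, DateTime utcNow)
    {
        byte[] payload = Encoding.UTF8.GetBytes(userId + "|" + (utcNow + Lifetime).Ticks);
        return B64Url(payload) + "." + B64Url(Mac(key, payload));
    }

    // Returns the user id, or null when the token is malformed, forged or expired.
    public static int? Validate(string token, byte[] key, DateTime utcNow)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return null;
        try
        {
            byte[] payload = FromB64Url(parts[0]);
            // Verify the MAC before parsing or trusting any field.
            if (!FixedTimeEquals(Mac(key, payload), FromB64Url(parts[1]))) return null;
            string[] fields = Encoding.UTF8.GetString(payload).Split('|');
            if (fields.Length != 2 || utcNow.Ticks > long.Parse(fields[1])) return null;
            return int.Parse(fields[0]);
        }
        catch (FormatException) { return null; }
    }
    static byte[] Mac(byte[] key, byte[] data)
    {
        using (var hmac = new HMACSHA256(key)) return hmac.ComputeHash(data);
    }
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    // Constant-time comparison so timing does not reveal how many MAC bytes matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Both sides pass `DateTime.UtcNow`, so the check does not depend on server time zones. A valid token can still be replayed until it expires, so send it only over HTTPS and have the receiver remember the tokens it has already accepted during the 30-second window.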