ASP.NET MVC multi-site SSO using OpenID

I am putting a plan together for a series of sites that will share user account information among them. The idea is that once a user logs in using their OpenID, they can access any of the sites and it will know who they are.

What are the common patterns/best practices that i could employ to achieve this?

Jason Miesionczek asked Aug 07 '09 14:08


2 Answers

If all the sites share a common hostname in their URL then you can set an auth cookie (FormsAuthentication.SetAuthCookie) specifying the path of the cookie to be "/" so that all sites can see the user is logged in.

If the sites are not sharing a common host name, I think the only way to get a truly "once signed in, signed in everywhere [within your ring of web sites]" would be for all authentication to happen at just one site (perhaps one dedicated to authenticating the user) and for the other sites to redirect the user to that site for authentication and then that site would redirect back. In essence, that auth site becomes an identity provider, and almost exactly fills the role of an OpenID Provider (in fact DotNetOpenAuth could be used here for this exact purpose). Since it sounds like your goal is to let the user log in with their OpenID, your OpenID Provider on that one auth site could itself use OpenID to authenticate the user. Your own pure-delegation OpenID Provider could be written such that it always responds immediately to checkid_immediate requests as long as the Realm in the auth request is one of your trusted ring of sites. Thus you could effect single-sign-on across all your sites.

Andrew Arnott answered Sep 24 '22 22:09
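The answer above hinges on one check: the dedicated auth site answers `checkid_immediate` positively only when the request's Realm is one of the ring's sites. The following is an added example (not the answerer's code and not DotNetOpenAuth) showing that decision in Python, including the part that is easy to forget: `return_to` must itself lie inside the stated Realm per OpenID 2.0 section 9.2, otherwise an attacker can send a trusted Realm string together with their own `return_to` and collect the assertion. The `TRUSTED_REALMS` entries and the `example.com`/`example.org` hosts are constructed for the example; a real Provider would also add `op_endpoint`, `response_nonce`, `assoc_handle` and `sig` to the positive response.

```python
"""Realm checks for a pure-delegation OpenID 2.0 Provider that auto-approves
checkid_immediate only for a trusted ring of sites. Illustrative Python, not
DotNetOpenAuth; realm matching follows OpenID 2.0 section 9.2."""
from urllib.parse import urlsplit

# Constructed allowlist of ring realms (assumption for this example).
TRUSTED_REALMS = {
    "https://shop.example.com/",
    "https://forum.example.com/",
    "https://*.example.org/",
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def _effective_port(parts):
    return parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)


def url_matches_realm(url, realm):
    """True if url lies inside realm (OpenID 2.0 section 9.2 rules)."""
    r, u = urlsplit(realm), urlsplit(url)
    if r.fragment or not r.hostname or not u.hostname:
        return False
    if r.scheme != u.scheme or _effective_port(r) != _effective_port(u):
        return False
    rhost, uhost = r.hostname.lower(), u.hostname.lower()
    if rhost.startswith("*."):
        suffix = rhost[2:]
        # Wildcard only as the leftmost label, and never over a bare TLD ("*.com").
        if "*" in suffix or "." not in suffix:
            return False
        # Match at a label boundary so "evilexample.org" does not match "*.example.org".
        if not (uhost == suffix or uhost.endswith("." + suffix)):
            return False
    elif "*" in rhost or rhost != uhost:
        return False
    rpath, upath = r.path or "/", u.path or "/"
    if upath == rpath:
        return True
    # Sub-directory only, so a realm path of "/app" does not cover "/appx".
    prefix = rpath if rpath.endswith("/") else rpath + "/"
    return upath.startswith(prefix)


def decide_immediate(params, session_claimed_id):
    """Decide a checkid_immediate request. params is the openid.* query dict;
    session_claimed_id is the identity already logged in at the auth site (or None).
    Returns the response fields a real OP would then complete and sign."""
    if params.get("openid.mode") != "checkid_immediate":
        raise ValueError("not a checkid_immediate request")
    return_to = params.get("openid.return_to")
    realm = params.get("openid.realm", return_to)   # realm defaults to return_to
    setup_needed = {"openid.ns": "http://specs.openid.net/auth/2.0",
                    "openid.mode": "setup_needed"}
    if not return_to or not realm:
        return setup_needed
    # 1. return_to must lie inside the stated realm; otherwise an attacker could pair
    #    a trusted realm string with their own return_to and receive the assertion.
    if not url_matches_realm(return_to, realm):
        return setup_needed
    # 2. Only ring members get an immediate positive assertion.
    if realm not in TRUSTED_REALMS:
        return setup_needed
    # 3. The user must already have a session at the auth site.
    if not session_claimed_id:
        return setup_needed
    return {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.claimed_id": session_claimed_id,
        "openid.identity": session_claimed_id,
        "openid.return_to": return_to,
    }
```

The wildcard handling is the conservative reading of the spec: the suffix must match at a label boundary and a wildcard over a bare TLD is refused. DotNetOpenAuth goes further and consults a public-suffix list, so `*.co.uk` would also be rejected there; this example does not.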


Please consider the following Patterns & Practices on Web Service Security from Microsoft:

Brokered Authentication - http://msdn.microsoft.com/en-us/library/aa480560.aspx

The main topic is - Web Service Security

Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0

http://msdn.microsoft.com/en-us/library/aa480545.aspx

Ultimately there's lots of ways you could do it. I achieved a simple single sign on by building a url with a token from one website pointing to another domain. The encoded & encrypted token contained details to submit back to the previous domain. Upon receiving an incoming request on the second domain, an underlying web service checks that the incoming request's token is valid with the previous domain using a shared private secret, known to both domains.

Rabid answered Sep 22 '22 22:09
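The token-in-URL hand-off described in the answer above, as an added example that is not the answerer's code: site A signs a short-lived token with a secret shared with site B, puts it in the redirect URL, and B validates it. It uses an HMAC rather than encryption, so it gives integrity and origin but the claims are readable; carry only an opaque user id in it. It also binds the token to the receiving domain, gives it a short lifetime and rejects replays, because anything in a URL ends up in browser history, Referer headers and server logs. The secret, domains, TTL and the in-memory nonce set are constructed for the example; the answer's variant of checking the token back with the issuing domain would simply move `verify_token` and the nonce store to site A behind a web service call.

```python
"""Cross-domain SSO hand-off by URL token: site A (the issuer) signs a short-lived
token with a secret shared with site B (the audience); B verifies it offline.
Illustrative Python, not the answerer's code."""
import base64
import hashlib
import hmac
import json
import os
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed for the example; use 32 random bytes per site pair in production.
SHARED_SECRET = b"constructed-shared-secret-not-for-real-use"
TOKEN_TTL_SECONDS = 60       # a hand-off token only needs to survive one redirect
CLOCK_SKEW_SECONDS = 30


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret, user_id, issuer, audience, now=None, nonce=None):
    """Build body.signature, the signature being HMAC-SHA256 over the encoded body."""
    now = int(time.time()) if now is None else now
    claims = {
        "sub": user_id,
        "iss": issuer,
        "aud": audience,                           # bound to the receiving domain
        "iat": now,
        "exp": now + TOKEN_TTL_SECONDS,
        "nonce": nonce or os.urandom(16).hex(),    # single use, enforced by the receiver
    }
    body = _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    sig = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
    return body + "." + _b64(sig)


def verify_token(secret, token, expected_audience, seen_nonces, now=None):
    """Return (claims, None) on success or (None, reason) on rejection.
    seen_nonces is the receiver's replay store (a set here; a store with TTL in practice)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        return None, "malformed token"
    body, sig_b64 = parts
    try:
        expected = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
        given = _unb64(sig_b64)
    except ValueError:
        return None, "malformed token"
    if not hmac.compare_digest(expected, given):   # constant-time comparison
        return None, "bad signature"
    try:
        claims = json.loads(_unb64(body))
    except ValueError:
        return None, "malformed body"
    if not isinstance(claims, dict):
        return None, "malformed body"
    if claims.get("aud") != expected_audience:
        return None, "token issued for another domain"
    if now >= claims.get("exp", 0) or claims.get("iat", 0) > now + CLOCK_SKEW_SECONDS:
        return None, "token expired or not yet valid"
    nonce = claims.get("nonce")
    if not nonce or nonce in seen_nonces:
        return None, "token replayed"
    seen_nonces.add(nonce)
    return claims, None


def build_handoff_url(target_login_url, token):
    """The URL site A redirects the browser to on site B, carrying the token."""
    return target_login_url + "?" + urlencode({"sso": token})


def token_from_url(url):
    """What site B's login endpoint pulls out of the incoming request."""
    return parse_qs(urlsplit(url).query).get("sso", [None])[0]
```

On receipt, site B should treat a valid token as proof of identity only for the moment of that request: set its own session cookie and redirect again so the token leaves the address bar, and never accept the same nonce twice even if the first use failed later in the login pipeline.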