Best approach for SSO for Asp.Net application with Login from external application with multiple ADFS [closed]

I have an already built Asp.Net application which is using Asp.Net membership provider.

There is a client web application which has its own login. Once logged in, the user gets some links. These links are directed to the application I have developed. Currently, since these are two different applications hosted in two domains, two logins are required.

What I am trying to achieve is to have SSO and not have to log in when the user is already logged in to the client application. I have read through and it seems it's possible to have this done via an STS provider like Thinktecture IdentityServer and utilising ADFS at our end.

Is this the best approach? If yes, I couldn't find much documentation on what updates I need to ask for from the main application team to have it SSO enabled.

Chinjoo asked Aug 18 '15 12:08


1 Answer

That might be possible with an STS provider or ADFS. What I would suggest is to have a web application only for authentication, wherein, when the user clicks on login on the main website, you redirect to the authentication application, which authenticates the user, creates a token and then redirects back to the main application along with the token. Later, you can call any application along with this token and check whether the user has permission to access that application or not. The token contains information such as the authenticated user, permissions, etc. I suppose you need to create a custom HTTP module to implement this.

If all applications are under one domain, it can be achieved by cookies.

Vishal answered Oct 01 '22 09:10
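The token hand-off described in the answer above only holds up if the receiving application can tell that the token really came from the authentication application, was meant for it, and is still fresh. The following is an added example, not code from the answer or from any STS product, showing one way to issue and validate such a token with an HMAC. The class name `SsoToken`, its methods, the `user|audience|expiry` layout and the shared key are all assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added illustration: class, method names and token layout are assumptions, not a real library API.
public static class SsoToken
{
    // Assumed layout: base64url("user|audience|expiryUnixSeconds") + "." + base64url(HMAC-SHA256)
    public static string Issue(byte[] key, string user, string audience, DateTimeOffset expires)
    {
        if (user.Contains("|") || audience.Contains("|"))
            throw new ArgumentException("'|' is reserved as the field separator");
        byte[] payload = Encoding.UTF8.GetBytes(user + "|" + audience + "|" + expires.ToUnixTimeSeconds());
        using (var mac = new HMACSHA256(key))
            return B64(payload) + "." + B64(mac.ComputeHash(payload));
    }

    // Returns the user name, or null when the token is malformed, has a bad
    // signature, was issued for a different application, or has expired.
    public static string Validate(byte[] key, string token, string audience, DateTimeOffset now)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return null;
        byte[] payload, sig;
        try { payload = UnB64(parts[0]); sig = UnB64(parts[1]); }
        catch (FormatException) { return null; }
        using (var mac = new HMACSHA256(key))
            if (!FixedTimeEquals(mac.ComputeHash(payload), sig)) return null;
        string[] f = Encoding.UTF8.GetString(payload).Split('|');
        long exp;
        if (f.Length != 3 || !long.TryParse(f[2], out exp)) return null;
        if (f[1] != audience) return null;                // issued for another application
        if (now.ToUnixTimeSeconds() >= exp) return null;  // expired
        return f[0];
    }

    static bool FixedTimeEquals(byte[] a, byte[] b)       // comparison time does not depend on content
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static string B64(byte[] d) => Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] UnB64(string s) =>
        Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
}
```

Because the token travels in a redirect URL, give it a short lifetime and send it only over HTTPS. The receiving application should exchange it for its own session on first use.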