Re: custom token in asp.net

From: Patrice (nobody_at_nowhere.com)
Date: 04/15/04 

Date: Thu, 15 Apr 2004 10:36:17 +0200

I would keep this in a cookie. Bascially the scenario could be something
such as :

- if not authenticated goes to the login form (that is on its own site)
- it writes a cookie when authenticated
- it returns a user id or whatever is needed to the calling site

On another site, when not authenticated it goes to the login form. This form
sees that the user is already authenticated using the cookie and returns
directly then to the calling site with the appropriate info.

Passing from a site to another is done with redirections...

You may still want to look at Passport to see if they describe how it's
done...

Patrice

<J> a écrit dans le message de news:eL$KjLiIEHA.2876@TK2MSFTNGP09.phx.gbl...
> Patrice,
>
> I think the problem here is how to keep the "token" between different web
> applications so the user can logon once and navigate to another web
> application without propmted for userid & password.
> And these web applications will be designed to use single sign-on if this
> can be done.
> In an intranet scenario, I can rely on IE (Netscape is not concern in this
> scenario) to keep the "token" using windows integrated authentication. But
> in an internet scenario, I am not sure which method I should use or could
> use.
> Is there a way to mimic windows integrated by using form authentication?
>
> Thanks,
> J
>
>
> "Patrice" <nobody@nowhere.com> wrote in message
> news:efF0SQfIEHA.3832@TK2MSFTNGP12.phx.gbl...
> > If you want to reuse something you could start by checking if Passport
> > authentication fits your needs : see
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;315734
> > If not what exact point is a problem in the article below (are all sites
> > under your control ?, in the worst case you could expose single sign on
as
> a
> > web service) ?
> >
> > If you mean that you want single sign on for web applications that are
not
> > intended to do so, I'm not sure it's worth to try ("hacking" depending
on
> > how login information is submitted to these services, having just IE
> > remembering the password ?)
> >
> > Patrice
> >
> >
> > <J> a écrit dans le message de
> news:uftQfFZIEHA.3376@TK2MSFTNGP09.phx.gbl...
> > > Thanks! This is a good article.
> > > But what I would like to implement is a Single Sign-On solution for
the
> > > public web sites which involve many different public accessible web
> > > applications.
> > > This is for a community and we would like to have users register once
> then
> > > they can access different Single Sign-On enabled web applications
> without
> > > entering id & password every time.
> > >
> > > Any ideas about this?
> > > Thanks!
> > >
> > > "Patrice" <nobody@nowhere.com> wrote in message
> > > news:u$ajDJWIEHA.2524@TK2MSFTNGP11.phx.gbl...
> > > > You could try :
> > > >
> > >
> >
>
http://msdn.microsoft.com/asp.net/using/understanding/security/default.aspx?pull=/library/en-us/dnaspp/html/singlesignon.asp
> > > >
> > > > Patrice
> > > >
> > > >
> > > > <J> a écrit dans le message de
> > > news:eLe206VIEHA.3144@TK2MSFTNGP10.phx.gbl...
> > > > > Yes, a security token.
> > > > > It can be used like a windows token except it is constructed by
the
> > > > > application.
> > > > > I would like to use it as a way to do the single signon.
> > > > >
> > > > > Any ideas?
> > > > > TIA.
> > > > >
> > > > > "Jan Tielens" <jan@no.spam.please.leadit.be> wrote in message
> > > > > news:OAIDVqRIEHA.2144@TK2MSFTNGP12.phx.gbl...
> > > > > > A token? In which context: a security token?
> > > > > >
> > > > > > --
> > > > > > Greetz,
> > > > > > Jan
> > > > > > ________________________
> > > > > > Read my weblog: http://weblogs.asp.net/jan
> > > > > >
> > > > > > <J> schreef in bericht
> news:OBbXg1OIEHA.1608@TK2MSFTNGP11.phx.gbl...
> > > > > > > hi there,
> > > > > > >
> > > > > > > Anybody knows how to create and use custom token in asp.net?
> > > > > > > Where can I find reference and samples?
> > > > > > >
> > > > > > > TIA.
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Forms Authentication w/SubFolders
    ... > made a few days later that reports a similar issue: Sucessful authentication ... > the fact that this cookie exists, and returns to the login.aspx page. ... >>When the user access a resource in a subfolder, ... >>when the login form attempts to redirect the browser to ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Forms Based Authentication Issue (VIEWSTATE) Login Form On Non Protected Page
    ... I have it all working fine and pages I want to protect show a login ... login form on an area of their homepage. ... CLASSIC ASP SCENARIO) ... this using the built in forms authentication structure of .NET. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Web request with an existing cookie...
    ... > poll is an asp website that is using forms authentication. ... > that once the login form is submitted a session cookie is written ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: Forms authentication cookie handling question (C#)
    ... I also replaced all of my ticket authentication code with the ... // Username and or password not found in our database... ... LoginControl's default code logic to generate authentication cookie. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: IIS and FQDN authentication confusion
    ... Scenario 2 does not work because the site is not in the Intranet zone. ... It sounds like you might not be getting Kerberos authentication to the web ... server when you use the FQDN, and thus delegation is not working. ...
    (microsoft.public.dotnet.framework.aspnet.security)