Connecting Tech Pros Worldwide Help | Site Map
bytes > topic > iis > answers

SSO and IIS

Newbie
  
Join Date: Jul 2008
Posts: 2
#1: Jul 16 '08
Hi All,

I was interested in implementing a single sign on solution for my web applications. I wanted to use Kerberos, but I heard it was not easily compatible for web applications.

All my applications run off of IIS, so it is a little harder finding resources. If you could point a way, I would definitely appreciate it.

Thanks
kenobewan's Avatar
Moderator
  
Join Date: Dec 2006
Posts: 4,745
#2: Jul 17 '08

re: SSO and IIS

Quote:

Originally Posted by ssdesai1

Hi All,

I was interested in implementing a single sign on solution for my web applications. I wanted to use Kerberos, but I heard it was not easily compatible for web applications.

All my applications run off of IIS, so it is a little harder finding resources. If you could point a way, I would definitely appreciate it.

Thanks

One way to achieve this is through a database. If you are not using a database you could use a sign on application. All methods may depend on how much security you want. Also have a look at this article:
Understanding Single Sign-On in ASP.NET 2.0
Newbie
  
Join Date: Jul 2008
Posts: 2
#3: Jul 17 '08

re: SSO and IIS

Quote:

Originally Posted by kenobewan

One way to achieve this is through a database. If you are not using a database you could use a sign on application. All methods may depend on how much security you want. Also have a look at this article:
Understanding Single Sign-On in ASP.NET 2.0

Thanks kenobewan

If I wanted to maximize security (ie: construct rules for passwords, have password change every 90 days, etc) how would I do it?

Also, when you say a sign on application, do you mean open source like cosign or pubcookie, etc?

Thanks for the response.
kenobewan's Avatar
Moderator
  
Join Date: Dec 2006
Posts: 4,745
#4: Jul 19 '08

re: SSO and IIS

Quote:

Originally Posted by ssdesai1

Thanks kenobewan

If I wanted to maximize security (ie: construct rules for passwords, have password change every 90 days, etc) how would I do it?

Also, when you say a sign on application, do you mean open source like cosign or pubcookie, etc?

Thanks for the response.

I can't design a secure system for you, but these are the reasons that you could use a sign on application rather than dealing with sign on directly through each application.

The most secure systems have no restricted data/ files on them. However, for those that need to protect data while making it available to a few, the next best thing may be two systems. If there is no public system then you obviously need only a secure system.

As the system architect it is up to you to design the system or use third party applications.
Reply

« previous question | next question »

Similar IIS / Microsoft Internet Information Services bytes

/bytes/development

/bytes/it

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,272 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved