Hi,
I have an online application (written in .asp) that requires a login to be
accessed and used. I have a login.asp page that asks for username and
password, looks up in a MS SQL db if a combination of those
username/password is available and, if so, sets a session variable and goes
to home.asp (this page checks if the session variable has been set, and if
not, redirects to login.asp). That's the usual method in .asp to make
password-protected pages. This way, the SQL database contains all usernames
and passwords.
Now I have a company that wants to use my application (hosted on my server)
but does not want their users to make a double login, I mean one login to
their network and one login to my application. They want a way so that my
application recognizes their users and logins automatically; in a few words,
their users should be allowed to go directly to home.asp without first
stepping to login.asp.
They are using a Windows network, so I looked into using Active Directory
(LDAP) integration in .asp pages but:
1) Can you tell me a source where I can find simple integration information?
I found a lot of information, but nothing is very simple
2) Since my application is hosted on my server (on-line and outside their
network), I don't think I'll be able to use AD integration, because I think
they should be in the same domain
So, my final question is: how would you approach such a problem? Googling on
the net I also found this page
http://www.google.com/a/help/intl/en.../editions.html where Google
offers a single sign-on to their application via API. I think they don't use
AD integration, but they achieve exactly what I need (a single sign-on). So,
how can Google do such a thing? What approach are they using? I can develop
a login API for my application too.
Thank you.