I work for a medium-sized insurance company, developing web-based systems for
our independent agents. There are four primary applications we provide - one
that serves as an agent portal (ASP), and three others that serve
applications specific to each line of business (one ASP, two ASP.NET). Each
of these applications reside on their own server/environment, all of which
are in the same AD domain. We also have multiple top-level domains that
different sets of users visit to access the sites.
Currently, this is how we are tackling Single Sign On. The user logs in to
the portal site which is locked down via Basic authentication (okay, "locked
down" and "Basic authentication" in the same sentence...I know...I know).
Once authenticated, the portal site makes a call to an ASP.NET web service
that creates and returns a FormsAuthentica tion ticket for the user that
logged in. It then sets a persistent cookie containing that ticket. When
the user accesses one of the ASP apps on another server, we check for the
cookie and call in to the same web service to decrypt it and extract the user
- at that point, their session is built and they are logged in. When the
user accesses one of the ASP.NET apps, it is a bit easier. The machine keys
are all in sync, so enabling Forms Authentication allows the ASP.NET app to
recognize the cookie as a ticket, and the user is logged in. If a user
visits any of the LOB sites without going through the portal, they are
presented with that site's login page which essentially does the same thing
as the portal, except the cookie is not persistent.
Here is how I envision it working in a perfect world. The user logs in to
our portal site using their account which is stored in AD. When they visit
any of the other LOB apps, they do not have to provide credentials a second
time. True Single Sign-On. Granted, this is pretty much how it works today,
but I would prefer something more secure. Now my questions. Given our
mutli-server envrionment and the mix of ASP/ASP.NET, what other SSO options
do we have? I've read bits and pieces about Active Directory's ability to
provide an SSO experience, but I have been coming up short finding out how to
implement this when the bulk of our users are outside the corporate firewall.
Can anyone point me in the right direction? I am not opposed to third-party
solutions if they will meet our needs and are easy to implement/integrate. I
am interested in hearing others' experiences with this as well.
Thanks in advance!
Eric Matz
1  2314 
I work for a $9.7 bil. company (Truck manufacturer) that is using Tivoli
Access Manager (from IBM) for single sign on. I have recently inherited a
project (traditional ASP) that authenticates against TAM and am developing
another (ASP.NET) that will authenticate against it. Take a look at http://www-306.ibm.com/software/tivo...ess-mgr-e-bus/ for more
information.
I don't have much first-hand experience with it yet but the documentation I
have read makes it sound pretty straight-forward to implement and some other
developers I have spoken with seem to like it. TAM is being used heavily by
our dealer network and we are slowly migrating to it for our purchasing
systems.
HTH
----------------
Dave Fancher http://davefancher.blogspot.com
"EricMatz" <Er******@discu ssions.microsof t.com> wrote in message
news:5A******** *************** ***********@mic rosoft.com... I work for a medium-sized insurance company, developing web-based systems
for
our independent agents. There are four primary applications we provide -
one
that serves as an agent portal (ASP), and three others that serve
applications specific to each line of business (one ASP, two ASP.NET).
Each
of these applications reside on their own server/environment, all of which
are in the same AD domain. We also have multiple top-level domains that
different sets of users visit to access the sites.
Currently, this is how we are tackling Single Sign On. The user logs in
to
the portal site which is locked down via Basic authentication (okay,
"locked
down" and "Basic authentication" in the same sentence...I know...I know).
Once authenticated, the portal site makes a call to an ASP.NET web service
that creates and returns a FormsAuthentica tion ticket for the user that
logged in. It then sets a persistent cookie containing that ticket. When
the user accesses one of the ASP apps on another server, we check for the
cookie and call in to the same web service to decrypt it and extract the
user
- at that point, their session is built and they are logged in. When the
user accesses one of the ASP.NET apps, it is a bit easier. The machine
keys
are all in sync, so enabling Forms Authentication allows the ASP.NET app
to
recognize the cookie as a ticket, and the user is logged in. If a user
visits any of the LOB sites without going through the portal, they are
presented with that site's login page which essentially does the same
thing
as the portal, except the cookie is not persistent.
Here is how I envision it working in a perfect world. The user logs in to
our portal site using their account which is stored in AD. When they
visit
any of the other LOB apps, they do not have to provide credentials a
second
time. True Single Sign-On. Granted, this is pretty much how it works
today,
but I would prefer something more secure. Now my questions. Given our
mutli-server envrionment and the mix of ASP/ASP.NET, what other SSO
options
do we have? I've read bits and pieces about Active Directory's ability to
provide an SSO experience, but I have been coming up short finding out how
to
implement this when the bulk of our users are outside the corporate
firewall.
Can anyone point me in the right direction? I am not opposed to
third-party
solutions if they will meet our needs and are easy to implement/integrate.
I
am interested in hearing others' experiences with this as well.
Thanks in advance!
Eric Matz This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Peter Tragardh |
last post by:
I'm searching for info on how to authenticate a user in the same way that
for example Source Safe does. I would like my system to use Windows as the
authenticator, so that the user doesn't have to log on separately to access
my system.
|
by: Cowboy \(Gregory A. Beamer\) |
last post by:
Quite a few months back, I was able to create a single sign on app for all
apps on a single box (perhaps a domain, but never tested) by setting the
auth cookie name to an identical value:
<authentication mode="Forms">
<forms name="SingleSignOn" loginUrl="login.aspx">
</authentication>
I could then surf from app to app on the same box and the cookie, named the
same, would allow me to bypass the logon form. I currently have an app in
|
by: Rodney Lane |
last post by:
Hi
I am investigating the possibility writing an application which uses single
sign on with ASP.Net / VB.Net and was wondering if anyone has endeavoured to
do this yet.
I will most likely be using Site Minder as the single sign on engine, and
building the ASP.Net front end to drive it.
Does anyone know where I can find some code on how to manipulate standard
|
by: daniel |
last post by:
Hi,
i want to use dotnet web form to do SSO with AD now, but i don't know to do
it.
where can i look for relative article or sample code ?
thanks.
|
by: Spam Catcher |
last post by:
Hi all,
I'm looking to implement a single sign on solution for .NET applications.
This single sign on solution will need to work against a variety of back-
end databases (i.e. SQL (mainly), Active Directory (some), Custom Data
Sources (XML, MDB, Custom Web Service, etc).
Is there any sample code on implementing a simple single sign on service?
The app would need:
| | |
by: Jai |
last post by:
Hi,
I have a problem related to Login System.
I am developing 3 websites for some institution.Now they want that if
anybody had sign up for there site1.com(say), than he or she should be
able to sign in for site2.com and site3.com.
hence, if user has sign up for the membership of site1.com than he/she
should automicallly become the member of site2.com and site3.com.
|
by: Pouria |
last post by:
Hi,
Does anyone have any experience with single sign on for .Net windows
applications or windows services? So the idea is to be able to use the
user credentials from logging into windows to authenticate the user
for using a windows application or windows service. I have found some
information on the web on how this can be done for a web application
(which relies on internet explorer for the most part) but nothing for
windows...
|
by: hamarsheh |
last post by:
Hi everbody!
i need single sign on software for our php website , For all application, because we used visual basic and php, and another things so we need software to do single sign on , that the user logs once to his page , and logs out when ever he want .
as i said this software must be for all application i mean it shoud not be written by aprogramming language , i;m looking for this product , but till now i found software under the name...
|
by: Phillip B Oldham |
last post by:
Are there any FOSS Python Single-Sign-on Servers?
We're looking to centralise the sign-on for our numerous "internal"
webapps (across multiple servers, languages, and domains) to speed
user management and application development.
I've searched around but can only seem to find OpenID servers, which
will probably be too "open" for our needs. Coding one up would
possibly take more time than we have, and we'd prefer something
maintained...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
