Hi all,
I'm looking to implement a single sign on solution for .NET applications.
This single sign on solution will need to work against a variety of back-
end databases (i.e. SQL (mainly), Active Directory (some), Custom Data
Sources (XML, MDB, Custom Web Service, etc).
Is there any sample code on implementing a simple single sign on service?
The app would need:
-Log in Users from the web, desktop clients, custom applications, etc.
-Have granular permissions
-Be compatible with other web services, desktop apps, and remoting
(basically any sort of client/server)
-Have the ability to add trusted sites (i.e. servers, viewer consoles,
etc)
-Work with .NET 1.1 (most of our apps are still 1.1)
I was thinking of doing the following:
1. Build a security web service
2. Users would log into a web service to retrieve a token
3. Once a token is retrieve, it is used for all future communications
4. Applications check security against the security service via the Token
i.e.: CheckPermission(ByVal Token as GUID, ByVal Permission as String) as
Boolean
5. The Web Service would manage a list of valid tokens (time outs,
errors, etc)
Ecryption would be done primarily on the transport layer - but the token
could be encrypted too.
What do you guys think about this solution? It's simple... However, how
do you handled "trusted" sources?
Even better would be for me to find something that was prebuilt :-)