
Single Sign On / Authentication System?

Hi all,

I'm looking to implement a single sign on solution for .NET applications.
This single sign on solution will need to work against a variety of back-
end databases (i.e. SQL (mainly), Active Directory (some), Custom Data
Sources (XML, MDB, Custom Web Service, etc)).

Is there any sample code on implementing a simple single sign on service?

The app would need:

-Log in Users from the web, desktop clients, custom applications, etc.
-Have granular permissions
-Be compatible with other web services, desktop apps, and remoting
(basically any sort of client/server)
-Have the ability to add trusted sites (i.e. servers, viewer consoles,
etc)
-Work with .NET 1.1 (most of our apps are still 1.1)

I was thinking of doing the following:

1. Build a security web service
2. Users would log into a web service to retrieve a token
3. Once a token is retrieved, it is used for all future communications
4. Applications check security against the security service via the Token
i.e.: CheckPermission(ByVal Token as GUID, ByVal Permission as String) as
Boolean
5. The Web Service would manage a list of valid tokens (time outs,
errors, etc)

Encryption would be done primarily on the transport layer - but the token
could be encrypted too.

What do you guys think about this solution? It's simple... However, how
do you handle "trusted" sources?

Even better would be for me to find something that was prebuilt :-)


Sep 22 '06 #1
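
Added example, not part of the original post or the replies: steps 2 to 5 of the design in the question as VB.NET, with an in-memory token table, an idle timeout, and the `CheckPermission` signature from step 4. The names `TokenService`, `Session` and `IssueToken` are hypothetical, and verifying the credentials against the back end is assumed to happen before `IssueToken` is called.

```vbnet
Imports System
Imports System.Collections
Imports System.Security.Cryptography
' Added example (hypothetical names): in-memory token table for the security service.
Public Class TokenService
    Private Class Session
        Public UserName As String
        Public Permissions As New Hashtable()   ' permission name -> True
        Public ExpiresUtc As DateTime
    End Class
    Private ReadOnly _sessions As New Hashtable()            ' Guid -> Session
    Private ReadOnly _rng As New RNGCryptoServiceProvider()
    Private ReadOnly _idleTimeout As TimeSpan

    Public Sub New(ByVal idleTimeout As TimeSpan)
        _idleTimeout = idleTimeout
    End Sub

    ' Call only after the back end (SQL, Active Directory, ...) has verified the credentials.
    Public Function IssueToken(ByVal userName As String, ByVal granted() As String) As Guid
        Dim raw(15) As Byte
        _rng.GetBytes(raw)   ' 128 bits from the OS CSPRNG; Guid.NewGuid() promises uniqueness, not secrecy
        Dim token As New Guid(raw)
        Dim s As New Session()
        s.UserName = userName
        For Each p As String In granted
            s.Permissions(p) = True
        Next
        s.ExpiresUtc = DateTime.UtcNow.Add(_idleTimeout)
        SyncLock _sessions.SyncRoot
            _sessions(token) = s
        End SyncLock
        Return token
    End Function

    ' Unknown and expired tokens are denied; a valid call slides the idle timeout forward.
    Public Function CheckPermission(ByVal Token As Guid, ByVal Permission As String) As Boolean
        SyncLock _sessions.SyncRoot
            Dim s As Session = CType(_sessions(Token), Session)
            If s Is Nothing Then Return False
            If s.ExpiresUtc <= DateTime.UtcNow Then
                _sessions.Remove(Token)
                Return False
            End If
            s.ExpiresUtc = DateTime.UtcNow.Add(_idleTimeout)
            Return s.Permissions.ContainsKey(Permission)
        End SyncLock
    End Function
End Class
```

The token is a bearer secret, so every call that carries it still depends on the transport-layer encryption mentioned in the post.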
2 Replies


"Spam Catcher" <sp**********@rogers.com> wrote
>
> I'm looking to implement a single sign on solution for .NET applications.
> This single sign on solution will need to work against a variety of back-
> end databases (i.e. SQL (mainly), Active Directory (some), Custom Data
> Sources (XML, MDB, Custom Web Service, etc).
>
> Is there any sample code on implementing a simple single sign on service?

The technology you're looking for is called GSSAPI. In Windows land it's
often shortened to "SSPI".

If you're doing this in .Net, you're going to be stuck writing Mixed Mode
C++. There's no way to do everything you need to do in C#, as it's all
dynamic DLL Loading, and structures full of function pointers.

There is all sorts of sample documentation on the Platform Sdk. The gist of
it is going to be:
- Use LoadLibrary to load Security.dll
- Lookup the address for InitSecurityInterfaceW to get the list address to
call to find out more information
- Call this method to get the structure full of function pointers to use
- Call the QuerySecurityPackageInfo function pointer method
- Call: AcquireCredentialsHandle, AcceptSecurityContext and
CompleteAuthToken to log users in.

In general, it was a pain in the butt to implement, but our users really
like having Windows based Single-Sign on.

--
Chris Mullins, MCSD.NET, MCPD:Enterprise
http://www.coversant.net/blogs/cmullins
Sep 24 '06 #2

"Chris Mullins" <cm******@yahoo.com> wrote in news:#OzMzI33GHA.2424@TK2MSFTNGP06.phx.gbl:
> In general, it was a pain in the butt to implement, but our users really
> like having Windows based Single-Sign on.

I've been doing a bit more research... how about the new AzMan stuff in
Windows 2003 / 2000 SP4? Do you think that would suffice for a single-sign
on solution?

Sep 24 '06 #3
