Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Jan 08, 2009 08:31 AM by F.B. ten Kate
Jan 06, 2009 03:38 PM|LINK
For a Single Sign on process i want to know if this scenario is possible:
I have a web application "A" written in php for example and another application "B" in ASP.NET (My application) on different servers and different url's.
What I want to accomplish is when a user logon to app "A" another session will be automatically created at app "B" for that user.
My idea was to create a WebService at app "B" that creates the session for that user that will be called from app "A" when the user logon.
I found some other ways to create a Single Sign On like mentioned here:
But i want to know if this scenario is possible
Jan 06, 2009 09:41 PM|LINK
Okay i tried answering you in the other thread so ill try here aswell :)
Make a webservice in application B, in this webservice create your session for example:
Session["Test"] = "Succesfull";
Then when a user logs in at application A (succesfully) call the webservice in application B. This way you will have started a session for this user. Actually thinking about it now this won't work, since the session will be made for application A, meaning
the User has no way of getting into session that should be assigned to him/her.
Hmm sorry to have "wasted" your time maybe some one else here has any ideas (only thing i can think of atm is a stateserver that works with Application A and B)
Jan 07, 2009 04:37 AM|LINK
Yes, you are exactly right and understood my problem and again thank you for trying to help!
The WebService is called at server side.
Maybe there is way to somehow simulate a user request to from application A to B, by sending from A to B WebService all of the request data and create the session for the user.
Any one has an idea?
Jan 07, 2009 09:24 AM|LINK
Okay, i have no idea if this is possible since i haven't done it myself but i would think something in the lines of:
Login on Application A
Create Session on Application B and give back a SessionID to application A (no idea if sessions have id's but i'd think they do)
Create a Cookie with the SessionId in Application A.
When someone visits Application B after beeing redirected there from Application A (you can check for this for sure) you check the cookie and load the proper session.
If it's two ASP.net Pages ofc you could use a StateServer i think (haven't got alot of experience in the matter but that's what they can be used for afaik) But since it's PHP and ASP.net they both use different ways of storing sessions. Another way to do
this btw and probebly a cleaner way is to use a database instead of sessions.
What i mean is the following:
When a user logs in on application A info get's send to application B and application B put's this info into a Database table, application A still makes the cookie and when a user travels to application B after beeing redirected from application A, application
B will load the cookie, get the info from the database, fill the session and then delete the record from the database. Same thing should happen if a users closes application A. What i mean with closing is that as far as i know in ASP.net there is a Session_End()
event or something along these lines, indicating a timeout (user stopped using the page) when this times out a message should be send to application B to delete the right record.
There might be better ways of doing this but the last example i gave you i'm 99,9% sure will work for what you are trying to accomplish not sure how ever if it's a work around or the only way to accomplish this ^^
If this still doesn't do what you require or if something is unclear don't hesitate to ask :)
Jan 07, 2009 08:27 PM|LINK
This is a nice idea, the only problem is that app A cannot read cookies from app and opposite since the on different domains.
But There are many solutions for SSO Process, like the solution I mentiond in my first post which
I only need to know if its possible to simulate creation of a user session.
To solve this I think I will need to dig very deep into the core of session creation in asp.net.
Jan 08, 2009 08:31 AM|LINK
that session back and linked to the visiter. I used cookies to make this link in my example i suppose you could also do this but using querystring is all links that link from app a to app b.
Anyhow i am hardly an expert on the subject i wish you alot of luck, if you manage to get it sorted be sure to post here how so others can read and learn something ^^