For a Single Sign on process i want to know if this scenario is possible:
I have a web application "A" written in php for example and another application "B" in ASP.NET (My application) on different servers and different url's.
What I want to accomplish is when a user logon to app "A" another session will be automatically created at app "B" for that user.
My idea was to create a WebService at app "B" that creates the session for that user that will be called from app "A" when the user logon.
Okay i tried answering you in the other thread so ill try here aswell :)
Make a webservice in application B, in this webservice create your session for example:
Session["Test"] = "Succesfull";
Then when a user logs in at application A (succesfully) call the webservice in application B. This way you will have started a session for this user. Actually thinking about it now this won't work, since the session will be made for application A, meaning
the User has no way of getting into session that should be assigned to him/her.
Hmm sorry to have "wasted" your time maybe some one else here has any ideas (only thing i can think of atm is a stateserver that works with Application A and B)
Greetings,
F.B. ten Kate
ps. Don't forget to mark helpfull replies as answer
Yes, you are exactly right and understood my problem and again thank you for trying to help!
The WebService is called at server side.
Maybe there is way to somehow simulate a user request to from application A to B, by sending from A to B WebService all of the request data and create the session for the user.
Okay, i have no idea if this is possible since i haven't done it myself but i would think something in the lines of:
Login on Application A
Create Session on Application B and give back a SessionID to application A (no idea if sessions have id's but i'd think they do)
Create a Cookie with the SessionId in Application A.
When someone visits Application B after beeing redirected there from Application A (you can check for this for sure) you check the cookie and load the proper session.
If it's two ASP.net Pages ofc you could use a StateServer i think (haven't got alot of experience in the matter but that's what they can be used for afaik) But since it's PHP and ASP.net they both use different ways of storing sessions. Another way to do
this btw and probebly a cleaner way is to use a database instead of sessions.
What i mean is the following:
When a user logs in on application A info get's send to application B and application B put's this info into a Database table, application A still makes the cookie and when a user travels to application B after beeing redirected from application A, application
B will load the cookie, get the info from the database, fill the session and then delete the record from the database. Same thing should happen if a users closes application A. What i mean with closing is that as far as i know in ASP.net there is a Session_End()
event or something along these lines, indicating a timeout (user stopped using the page) when this times out a message should be send to application B to delete the right record.
There might be better ways of doing this but the last example i gave you i'm 99,9% sure will work for what you are trying to accomplish not sure how ever if it's a work around or the only way to accomplish this ^^
If this still doesn't do what you require or if something is unclear don't hesitate to ask :)
Greetings,
F.B. ten Kate
ps. Don't forget to mark helpfull replies as answer
This is a nice idea, the only problem is that app A cannot read cookies from app and opposite since the on different domains.
But There are many solutions for SSO Process, like the solution I mentiond in my first post which
I only need to know if its possible to simulate creation of a user session.
To solve this I think I will need to dig very deep into the core of session creation in asp.net.
I don't use cookies to often but they are stored clientside so i'd think that both applications could read eachother cookies, aslong as they know the name. Anyhow i'm sure you can create a userlogin.. or well simulate it, the problem is some how getting
that session back and linked to the visiter. I used cookies to make this link in my example i suppose you could also do this but using querystring is all links that link from app a to app b.
Anyhow i am hardly an expert on the subject i wish you alot of luck, if you manage to get it sorted be sure to post here how so others can read and learn something ^^
Greetings,
F.B. ten Kate
ps. Don't forget to mark helpfull replies as answer
NirSidi
Member
138 Points
53 Posts
Create Session programmaticly for Single Sign On process
Jan 06, 2009 03:38 PM|LINK
Hi,
For a Single Sign on process i want to know if this scenario is possible:
I have a web application "A" written in php for example and another application "B" in ASP.NET (My application) on different servers and different url's.
What I want to accomplish is when a user logon to app "A" another session will be automatically created at app "B" for that user.
My idea was to create a WebService at app "B" that creates the session for that user that will be called from app "A" when the user logon.
I found some other ways to create a Single Sign On like mentioned here: http://www.codeproject.com/KB/web-security/CrossDomainAuthentication.aspx
But i want to know if this scenario is possible
F.B. ten Kat...
Member
612 Points
149 Posts
Re: Create Session programmaticly for Single Sign On process
Jan 06, 2009 09:41 PM|LINK
Okay i tried answering you in the other thread so ill try here aswell :)
Make a webservice in application B, in this webservice create your session for example:
Session["Test"] = "Succesfull";
Then when a user logs in at application A (succesfully) call the webservice in application B. This way you will have started a session for this user. Actually thinking about it now this won't work, since the session will be made for application A, meaning the User has no way of getting into session that should be assigned to him/her.
Hmm sorry to have "wasted" your time maybe some one else here has any ideas (only thing i can think of atm is a stateserver that works with Application A and B)
F.B. ten Kate
ps. Don't forget to mark helpfull replies as answer
NirSidi
Member
138 Points
53 Posts
Re: Create Session programmaticly for Single Sign On process
Jan 07, 2009 04:37 AM|LINK
Yes, you are exactly right and understood my problem and again thank you for trying to help!
The WebService is called at server side.
Maybe there is way to somehow simulate a user request to from application A to B, by sending from A to B WebService all of the request data and create the session for the user.
Any one has an idea?
F.B. ten Kat...
Member
612 Points
149 Posts
Re: Create Session programmaticly for Single Sign On process
Jan 07, 2009 09:24 AM|LINK
Okay, i have no idea if this is possible since i haven't done it myself but i would think something in the lines of:
Login on Application A
Create Session on Application B and give back a SessionID to application A (no idea if sessions have id's but i'd think they do)
Create a Cookie with the SessionId in Application A.
When someone visits Application B after beeing redirected there from Application A (you can check for this for sure) you check the cookie and load the proper session.
If it's two ASP.net Pages ofc you could use a StateServer i think (haven't got alot of experience in the matter but that's what they can be used for afaik) But since it's PHP and ASP.net they both use different ways of storing sessions. Another way to do this btw and probebly a cleaner way is to use a database instead of sessions.
What i mean is the following:
When a user logs in on application A info get's send to application B and application B put's this info into a Database table, application A still makes the cookie and when a user travels to application B after beeing redirected from application A, application B will load the cookie, get the info from the database, fill the session and then delete the record from the database. Same thing should happen if a users closes application A. What i mean with closing is that as far as i know in ASP.net there is a Session_End() event or something along these lines, indicating a timeout (user stopped using the page) when this times out a message should be send to application B to delete the right record.
There might be better ways of doing this but the last example i gave you i'm 99,9% sure will work for what you are trying to accomplish not sure how ever if it's a work around or the only way to accomplish this ^^
If this still doesn't do what you require or if something is unclear don't hesitate to ask :)
F.B. ten Kate
ps. Don't forget to mark helpfull replies as answer
NirSidi
Member
138 Points
53 Posts
Re: Create Session programmaticly for Single Sign On process
Jan 07, 2009 08:27 PM|LINK
This is a nice idea, the only problem is that app A cannot read cookies from app and opposite since the on different domains.
But There are many solutions for SSO Process, like the solution I mentiond in my first post which
I only need to know if its possible to simulate creation of a user session.
To solve this I think I will need to dig very deep into the core of session creation in asp.net.
F.B. ten Kat...
Member
612 Points
149 Posts
Re: Create Session programmaticly for Single Sign On process
Jan 08, 2009 08:31 AM|LINK
I don't use cookies to often but they are stored clientside so i'd think that both applications could read eachother cookies, aslong as they know the name. Anyhow i'm sure you can create a userlogin.. or well simulate it, the problem is some how getting that session back and linked to the visiter. I used cookies to make this link in my example i suppose you could also do this but using querystring is all links that link from app a to app b.
Anyhow i am hardly an expert on the subject i wish you alot of luck, if you manage to get it sorted be sure to post here how so others can read and learn something ^^
F.B. ten Kate
ps. Don't forget to mark helpfull replies as answer