beetledev
Standard SSO framework/library for .net?
May 19, 2012 12:34 AM
Is there a standard or trusted SSO framework or library for .net? Something that implements SSO so that a user logging into and out of website1.com will be logged into and out of website2.com ... websiteN.com?
So far I have found many articles that show how we might create our own implementation, but was wondering if there is a standard that we can use. Most importantly something that has considered security issues.
BrockAllen
Re: Standard SSO framework/library for .net?
May 19, 2012 12:39 AM
A similar question was just asked the other day. The short answer is "look into WIF".
I suppose the other answer would be if you're looking for SSO on the web (with your gmail) then two other thoughts come to mind:
ACS and .NETOpenAuth.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
beetledev
Re: Standard SSO framework/library for .net?
May 20, 2012 07:16 PM
Thanks, it looks like WIF is what I should be looking into, although it looks way more complicated and has many more features than I'll ever need.
manight
Re: Standard SSO framework/library for .net?
May 20, 2012 08:44 PM
Take a look at the solution I proposed just today here:
http://forums.asp.net/t/1805511.aspx/1?SSO+for+crossdomain+apps+in+the+same+server+without+redirects
About security, this solution essentially uses just the "original" authorization cookies so it should add no security risk overhead, and should be much more lightweight than the usual "redirect" ideas. But it is just an analysis; I still don't have the code. Btw, take a look; maybe you'll find it interesting and want to try this route.
BrockAllen
Re: Standard SSO framework/library for .net?
May 22, 2012 12:05 AM
It has a lot of features, yes, but each layer provides a better approach to what we had/used previously. Also, in .NET 4.5 every identity in the framework will inherit from ClaimsIdentity so in a sense this is coming whether you want it or not :)