Last post Feb 03, 2015 09:31 PM by Andriod
Jan 30, 2015 01:46 AM|rohitpundlik|LINK
We have number of websites for different products
Now, we are making independent Email product/website which can be accessed from any of the websites OR Projects listed above.
In Email product we Do not want to provide login functionality OR login window; user should automatically login into it ? We have our separate email product database also.
So, here which will be the best way to authenticate the user in email product ?
1. We are deciding will generate the 'SecretKey' based on the parameters send by the user (Like EmailAddress, ClientName, ProductName etc.). This secret key will be used for the entire user session.
If this is not the best way; then what else approach we can go for ??
Thanks in advance !
Feb 03, 2015 02:54 AM|lextm|LINK
Microsoft has already published a general framework named ASP.NET Identity to provide you options to extend the functionality,
You can either hook to external authentication services, or build your own.
Feb 03, 2015 04:47 AM|Andriod|LINK
What's the scenario here? Based on my understanding, seems the scenario is customers log in any of the websites like
www.atsproduct.com with their credentials, then redirect to a separate website, like Email product website, and try to make purchase with the credentials from other websites because no login in Email product website?
If you need some more knowledge about Security Best Practices for ASP.NET, you can check the thread posted below:
Feb 03, 2015 09:31 PM|Andriod|LINK
I think one of the ways to implement this is to use Single Sign On (SSO).
Please take a look at the following two articles, in which, some solutions and implementation were given for the following scenarios:
1) Two sites have the same domains and same sub domains
2) Two sites have the same domains but different sub domains
3) Share the authentication cookie across multiple domains (this should be your request, right?)
Single Sign On (SSO) for cross-domain ASP.NET applications: Part-I - The design blue print
Single Sign On (SSO) for cross-domain ASP.NET applications: Part-II - The implementation