Last post Oct 13, 2016 06:32 AM by Brando ZWZ
Oct 12, 2016 11:43 PM|MGuser|LINK
I have an existing asp.net application. We are trying to build a SSO functionality into it where our client would SSO into our application using a link on their side.
Our website uses forms authentication for all our users to login. In this scenario I get the username (authenticated user at client end) when the client user does an SSO but I need to bypass the authentication for the user to be able to navigate through
our website. I maintian a mapping of usernames between the client and our database. Is it possible to authenticate the user without knowing his password?
Oct 13, 2016 06:32 AM|Brando ZWZ|LINK
Is it possible to authenticate the user without knowing his password?
As far as I know, it is easily to achieve.
For example, you use identity, you could use the usermanager to find the user by name.
If you have a record then just sign them in.
More details, you could refer to follow codes:
var user = await UserManager.FindByNameAsync(name);// find user by name
if (user != null)
await SignInManager.SignInAsync(user, true, true);//Sign in the user
But I think the most important thing is how to pass userid form SSO site to your web site.
I suggest you could encrypt the userid content and pass it though post method.