Last post Jul 30, 2018 09:48 AM by Brando ZWZ
Jul 27, 2018 06:24 PM|sbrazier
I need to create a web service layer that will be utilized between an outside vendor and my web service.
The network transmissions between this web service and the vendor will be handled over the TLS 1.2 protocol. Network traffic in and out of the web service layer will require whitelisting to only allow communications with approved systems.
A standard set of parameters will be passed on the web service requests and responses, which will identify the caller, responder and status of the transaction. A valid SSO Token will first be requested by the vendor and provided by my web service on an initial call to GetToken. This token is then required for subsequent calls. It is expected that the calling application will request a new token for each set of individual requests made to the web service. However, a token shall remain valid for up to 15 minutes to allow for long-running processes from the calling application which may require several web service calls to this web service. Multiple tokens shall be allowed at one time to allow for multiple users using the vendor's system.
I'm trying to figure out how to do this SSO token and what to use to accomplish this. Can someone point me in the right direction? My confusion comes from the vendor having specified that they would be sending me a callerID (x char string) to GetToken and I would return the SSO Token back. Calls made after that would be sending the SSO Token back via query. All the references I have seem to refer to the token being sent back via the header. I'm just getting confused on how to start. Any help, references or samples would be greatly appreciated.
Jul 30, 2018 09:48 AM|Brando ZWZ
As far as I know, SSO means "single sign-on".
Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems.
With this property, a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or in some configurations seamlessly signs on at each system. This is typically accomplished using the Lightweight Directory Access Protocol (LDAP) and stored LDAP databases on (directory) servers. A simple version of single sign-on can be achieved over IP networks using cookies, but only if the sites share a common DNS parent domain.
According to your description, I found you just need to generate the token for the user to access one Web API.
There is no need for an SSO token; we could just generate a basic token to use.
If this is your requirement, I suggest you consider using ASP.NET Identity.
It already has the logic written to generate the token in Web API (including the token timeout).
As for how to use it, you could refer to the article below.
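An added example, not part of the thread and not ASP.NET Identity's own code: one way to implement the GetToken flow described in the question with opaque, server-side tokens that expire after 15 minutes and can coexist per caller. The class and method names, the caller allowlist and the sample callerID are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Security.Cryptography;

public sealed class TokenService   // hypothetical name
{
    private sealed class Entry { public string CallerId; public DateTime ExpiresUtc; }
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(15); // lifetime from the question
    private readonly HashSet<string> _approved;                           // assumption: callerID allowlist
    private readonly ConcurrentDictionary<string, Entry> _tokens = new ConcurrentDictionary<string, Entry>();

    public TokenService(IEnumerable<string> approved) { _approved = new HashSet<string>(approved, StringComparer.Ordinal); }

    // GetToken: issues a new token, or returns null when the callerID is not approved.
    // Each call adds a token, so one caller may hold several live tokens at once.
    public string GetToken(string callerId, DateTime nowUtc)
    {
        if (callerId == null || !_approved.Contains(callerId)) return null;
        var bytes = new byte[32];                       // 256 bits from the OS CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        // URL-safe base64, so the value survives unchanged in a query string or a header.
        string token = Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        _tokens[token] = new Entry { CallerId = callerId, ExpiresUtc = nowUtc + Lifetime };
        return token;
    }

    // Validate: returns the callerID bound to a live token, or null if unknown or expired.
    public string Validate(string token, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(token) || !_tokens.TryGetValue(token, out Entry e)) return null;
        if (nowUtc >= e.ExpiresUtc) { _tokens.TryRemove(token, out _); return null; }
        return e.CallerId;
    }
}

public static class Demo
{
    public static void Main()
    {
        var svc = new TokenService(new[] { "VENDOR0001" });           // constructed callerID
        var t0 = new DateTime(2018, 7, 30, 9, 0, 0, DateTimeKind.Utc);
        string a = svc.GetToken("VENDOR0001", t0);
        string b = svc.GetToken("VENDOR0001", t0);                    // second concurrent token
        Console.WriteLine(svc.Validate(a, t0.AddMinutes(14)) ?? "rejected");
        Console.WriteLine(svc.Validate(b, t0.AddMinutes(15)) ?? "rejected");
        Console.WriteLine(svc.GetToken("UNKNOWN", t0) ?? "rejected");
    }
}
```

The same `Validate` call works whether the token arrives in the query string or in a header. A token carried in the query string is written to web server and proxy access logs, so restrict access to those logs or redact that parameter.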