custom token in asp.net

[Guest]

hi there,

Anybody knows how to create and use custom token in asp.net?
Where can I find reference and samples?

TIA.

 

[Jan Tielens]

A token? In which context: a security token?

 

[Guest]

Yes, a security token.
It can be used like a windows token except it is constructed by the
application.
I would like to use it as a way to do the single signon.

Any ideas?
TIA.

 

[Patrice]

You could try :
http://msdn.microsoft.com/asp.net/u...l=/library/en-us/dnaspp/html/singlesignon.asp

Patrice

 

[Guest]

Thanks! This is a good article.
But what I would like to implement is a Single Sign-On solution for the
public web sites which involve many different public accessible web
applications.
This is for a community and we would like to have users register once then
they can access different Single Sign-On enabled web applications without
entering id & password every time.

Any ideas about this?
Thanks!

 

[Patrice]

If you want to reuse something you could start by checking if Passport
authentication fits your needs : see
http://support.microsoft.com/default.aspx?scid=kb;en-us;315734
If not what exact point is a problem in the article below (are all sites
under your control ?, in the worst case you could expose single sign on as a
web service) ?

If you mean that you want single sign on for web applications that are not
intended to do so, I'm not sure it's worth to try ("hacking" depending on
how login information is submitted to these services, having just IE
remembering the password ?)

Patrice

 

[Guest]

Patrice,

I think the problem here is how to keep the "token" between different web
applications so the user can logon once and navigate to another web
application without propmted for userid & password.
And these web applications will be designed to use single sign-on if this
can be done.
In an intranet scenario, I can rely on IE (Netscape is not concern in this
scenario) to keep the "token" using windows integrated authentication. But
in an internet scenario, I am not sure which method I should use or could
use.
Is there a way to mimic windows integrated by using form authentication?

Thanks,
J

 

[JH]

You may want to look into sharing session state variables and information
across applications using SQL serever.

 

[Patrice]

I would keep this in a cookie. Bascially the scenario could be something
such as :

- if not authenticated goes to the login form (that is on its own site)
- it writes a cookie when authenticated
- it returns a user id or whatever is needed to the calling site

On another site, when not authenticated it goes to the login form. This form
sees that the user is already authenticated using the cookie and returns
directly then to the calling site with the appropriate info.

Passing from a site to another is done with redirections...

You may still want to look at Passport to see if they describe how it's
done...

Patrice