ASP.NET Membership Provider - Single Sign-On

Question

ASP.NET Membership Provider - Single Sign-On

I am considering using the ASP.NET membership provider for several different web applications / tools with a single login approach.

NEEDS

The user registers with my.domain.com and sees a list of applications / tools that they have permission to use. The user selects the tool that they would like to use and clicks the link. When the tool opens, it can determine that they are currently logged in, and who should identify any unique permissions for the application.

I know that each application can simply point to the same base base of membership providers, however, will each login require a login or can it determine if the user has already been registered?

+7

security asp.net asp.net-mvc asp.net-membership membership-provider

RSolberg Feb 10 '10 at 20:48

source share

3 answers

You want to create a shared machineKey section to share between all sites.
You need to make sure that the application names are identical.
You need to make sure the connection strings are identical.
You need to make sure allowCrossAppRedirects in the form element is enabled

+1

Sky sanders Feb 17 '10 at 19:05

source share

If the tools are in the same domain / subdomain, you will not have problems. This is a limitation using cookies used to store a user's registered token. If you need a cross-domain unified login, you can browse the Windows Identity Foundation .

0

Branislav abadjimarinov Feb 10 '10 at 20:51

source share

David · Accepted Answer · 2010-02-10T20:51:36+0000

Each application can use the same login if the application name is the same and they point to the same database.

See the answer here: http://forums.asp.net/t/1322863.aspx for more details.

Edit - Added

It also covers:

http://msdn.microsoft.com/en-us/library/ms998347.aspx

ASP.NET Membership Provider - Single Sign-On

More articles: