|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
single sign on from web to smart clientHi. I am looking for a way to implement a single sign on process for
going from a web site to a smart client. The website currently uses forms authentication. The smart client is on a different website and I want to pass the authentication from my web site to the smart client without having to log in again. Does anyone have any suggestions? Thanks. Dave Please note that I am using Integrated Authentication and a custom user
database. thatsastound***@gmail.com wrote: Show quoteHide quote > Hi. I am looking for a way to implement a single sign on process for > going from a web site to a smart client. The website currently uses > forms authentication. The smart client is on a different website and I > want to pass the authentication from my web site to the smart client > without having to log in again. > > Does anyone have any suggestions? Thanks. > > > > Dave What does it mean that you are using forms authentication and also using
integrated authentication. Typically, you use one or the other. What does the "sign on" in the smart client do? Does it access some web services or something? It isn't really clear at all what you have going on here. Joe K. -- Show quoteHide quoteJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- <thatsastound***@gmail.com> wrote in message news:1154635419.694518.193090@75g2000cwc.googlegroups.com... > Please note that I am using Integrated Authentication and a custom user > database. > > > thatsastound***@gmail.com wrote: >> Hi. I am looking for a way to implement a single sign on process for >> going from a web site to a smart client. The website currently uses >> forms authentication. The smart client is on a different website and I >> want to pass the authentication from my web site to the smart client >> without having to log in again. >> >> Does anyone have any suggestions? Thanks. >> >> >> >> Dave > Sorry.
I use forms authentication. However, I have custom code that checks to see if the current windows user has permission to view the site. If this fails, the user is redirected to a log in page where they can log in using a username and password (from a custom user table) to be authenticated. So at this point the user is signed into our application at: http://localhost/WebApp. They navigate to a page that has a link to a smart client. The smart client link points to http://localhost/SmartClient/Smartclient.application. The smart client uses webservices located at http://localhost/SmartClient/services. Since the user already logged in to http://localhost/WebApp, I don't want them to log in again from the smart client. I do want the webservices on the http://localhost/SmartClient to be secure. My question is how can I pass the credentials from the web app to the smart client so I can have secure web services? Thanks. Dave Joe Kaplan (MVP - ADSI) wrote: Show quoteHide quote > What does it mean that you are using forms authentication and also using > integrated authentication. Typically, you use one or the other. What does > the "sign on" in the smart client do? Does it access some web services or > something? It isn't really clear at all what you have going on here. > > Joe K. > > -- > Joe Kaplan-MS MVP Directory Services Programming > Co-author of "The .NET Developer's Guide to Directory Services Programming" > http://www.directoryprogramming.net > -- > <thatsastound***@gmail.com> wrote in message > news:1154635419.694518.193090@75g2000cwc.googlegroups.com... > > Please note that I am using Integrated Authentication and a custom user > > database. > > > > > > thatsastound***@gmail.com wrote: > >> Hi. I am looking for a way to implement a single sign on process for > >> going from a web site to a smart client. The website currently uses > >> forms authentication. The smart client is on a different website and I > >> want to pass the authentication from my web site to the smart client > >> without having to log in again. > >> > >> Does anyone have any suggestions? Thanks. > >> > >> > >> > >> Dave > > Ok, that makes more sense. Thanks for the details. There is actually a
completely beautiful integrated way to build something like this coming in the future using technologies like WS-Federation (ADFS) and WCF, but some parts of that aren't really there yet. I won't bother to explain any of those details unless you are curious, as some of it isn't shipping yet and thus it won't help you. :) So, basically your web app is a hybrid forms/windows auth app. Your smart client uses web services to hit the backend and you'd like users authenticated to the web app to be able to access the web services with a unified security model and SSO. Basically, the mechanisms you have available to you on the web app are cookies and query strings. What you probably want to do is roll your own SSO token that you encrypt and sign on the server and pass that back to the web browsers via a cookie. This could be based on the forms authentication ticket or your own thing. The main thing would be to decide how to set up you web services to accept this token. You might use a framework like WSE3 for doing this with WS-Security, or you could role your own thing. I'm also not totally sure how you pass the data from the web app to the smart client application, as I don't know what (if any) means you have available for that. But, the basic premise is that since you can't use Windows security for all of your clients, you either need to use a similar hybrid design like you have the web site, or you need to use something like a forms auth cookie for both types of clients to support them uniformly. I hope that helps give you some ideas. Joe K. -- Show quoteHide quoteJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- <thatsastound***@gmail.com> wrote in message news:1154640269.983741.95100@h48g2000cwc.googlegroups.com... > Sorry. > > I use forms authentication. However, I have custom code that checks to > see if the current windows user has permission to view the site. If > this fails, the user is redirected to a log in page where they can log > in using a username and password (from a custom user table) to be > authenticated. > > So at this point the user is signed into our application at: > http://localhost/WebApp. They navigate to a page that has a link to a > smart client. The smart client link points to > http://localhost/SmartClient/Smartclient.application. The smart client > uses webservices located at http://localhost/SmartClient/services. > > Since the user already logged in to http://localhost/WebApp, I don't > want them to log in again from the smart client. I do want the > webservices on the http://localhost/SmartClient to be secure. > > My question is how can I pass the credentials from the web app to the > smart client so I can have secure web services? > > > Thanks. > > Dave > > > > > Joe Kaplan (MVP - ADSI) wrote: >> What does it mean that you are using forms authentication and also using >> integrated authentication. Typically, you use one or the other. What >> does >> the "sign on" in the smart client do? Does it access some web services >> or >> something? It isn't really clear at all what you have going on here. >> >> Joe K. >> >> -- >> Joe Kaplan-MS MVP Directory Services Programming >> Co-author of "The .NET Developer's Guide to Directory Services >> Programming" >> http://www.directoryprogramming.net >> -- >> <thatsastound***@gmail.com> wrote in message >> news:1154635419.694518.193090@75g2000cwc.googlegroups.com... >> > Please note that I am using Integrated Authentication and a custom user >> > database. >> > >> > >> > thatsastound***@gmail.com wrote: >> >> Hi. I am looking for a way to implement a single sign on process for >> >> going from a web site to a smart client. The website currently uses >> >> forms authentication. The smart client is on a different website and >> >> I >> >> want to pass the authentication from my web site to the smart client >> >> without having to log in again. >> >> >> >> Does anyone have any suggestions? Thanks. >> >> >> >> >> >> >> >> Dave >> > > 
Other interesting topics
Problems accessing the ASPNETDB.MDF file
Have a NTAccount, need FileSystem permissions Machine hops - Basic Authentication security warning in self signed certificate Assigning Strong Name to COM dlls Access Private Key File From X509 Certificate Can SslStream be set to ignore invalid certificates? authentication against adsi/ldap HttpWebRequest Fails When Run as Non-Admin Account On Vista deploying executable to network to be ran in logon script |
|||||||||||||||||||||||
