Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   SSO (http://www.velocityreviews.com/forums/t770005-sso.html)

AM 12-26-2008 06:50 PM

SSO
 
Hi All,
I know this question has been posted many times in this group and I did went
through and implemented the solution in my ASP.Net 2.0 Internet facing
application

I am using
IIS for integrated authentication
and ASP.NET for Windows authentication (<authentication mode="Windows" />)
as Dominick Suggested.
It works as expected, I sign into one app and I can go to my app2 and I am
already logged in

My Apps are set as follow
www.mydomain.com/app1
www.mydomain.com/app2
www.mydomain.com/app3

I am able to navigate to all 3 apps, back and forth without any issue.
The problem is my data is very sensitive, I want to make sure that once
users session times out after 15 minutes of inactivity the authentication
should be timed out too, meaning after 15 minutes of inactivity all my
session are cleared and I want user to be asked to re-login after sesson
expires.

In this case even after one hour of inactivity user can click on menu and it
will not ask him to relogin.
Is there any setting at AD level that I can set?

I am open for any other suggestion which does not require any form of cookies.

Thanks
AM


Joe Kaplan 12-27-2008 05:27 PM

Re: SSO
 
Unfortunately, integrated Windows authentication is not designed to work
that way, so there isn't a really clean way to accomplish that.

Forms authentication typically supports things like idle timeout, but with
it you lose the SSO experience.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"AM" <AM@discussions.microsoft.com> wrote in message
news:7C5F5C06-7A2C-4D84-875E-A1F7945B8799@microsoft.com...
> Hi All,
> I know this question has been posted many times in this group and I did
> went
> through and implemented the solution in my ASP.Net 2.0 Internet facing
> application
>
> I am using
> IIS for integrated authentication
> and ASP.NET for Windows authentication (<authentication mode="Windows" />)
> as Dominick Suggested.
> It works as expected, I sign into one app and I can go to my app2 and I am
> already logged in
>
> My Apps are set as follow
> www.mydomain.com/app1
> www.mydomain.com/app2
> www.mydomain.com/app3
>
> I am able to navigate to all 3 apps, back and forth without any issue.
> The problem is my data is very sensitive, I want to make sure that once
> users session times out after 15 minutes of inactivity the authentication
> should be timed out too, meaning after 15 minutes of inactivity all my
> session are cleared and I want user to be asked to re-login after sesson
> expires.
>
> In this case even after one hour of inactivity user can click on menu and
> it
> will not ask him to relogin.
> Is there any setting at AD level that I can set?
>
> I am open for any other suggestion which does not require any form of
> cookies.
>
> Thanks
> AM
>




All times are GMT. The time now is 04:06 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.