Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > A newbie question on SSO

Reply
Thread Tools

A newbie question on SSO

 
 
Holysmoke
Guest
Posts: n/a
 
      10-08-2004
Hi,

I am trying to implement a SSO using FormsAuthentication for all my
applications.
When Authenticated, I am saving ApplicationID and RoleID in CSV form and
store it on the cookie.

Here is the sequence of events I try to implement

When an user requests an web application for the first time, he/she is
redirected to my SSO Web application
which does authentication and retrieves list of applications and its
respective roles and store on the ticket/cookie.

When the user requests a new web application (ie., when he/she changes to
the new url)
I would like to pass the Ticket(cookie) which I have created before to a web
service and check this user
has some role to this application or not.

For implementing this logic,
I would like to know which global.asax event should I use? I see
OnAuthenticationRequest event but don't know
how to use it. Can you explain how that event works as I see little
documentation about it in MSDN.

I appreciate your help and comments,

Holy
 
Reply With Quote
 
 
 
 
Hernan de Lahitte
Guest
Posts: n/a
 
      10-08-2004
Hi Holy,

Here is a post that will show you SSO with Forms Authentication.

http://weblogs.asp.net/hernandl/arch...formsauth.aspx

If you want further insight about roles management with forms, check out
these links as well.

http://weblogs.asp.net/hernandl/arch...hRolesRev.aspx
http://weblogs.asp.net/hernandl/arch...uthRoles2.aspx

Regards.
--
Hernan de Lahitte
Lagash Systems S.A.
http://www.lagash.com
http://weblogs.asp.net/hernandl

"Holysmoke" <(E-Mail Removed)> escribió en el mensaje
news:(E-Mail Removed)...
> Hi,
>
> I am trying to implement a SSO using FormsAuthentication for all my
> applications.
> When Authenticated, I am saving ApplicationID and RoleID in CSV form and
> store it on the cookie.
>
> Here is the sequence of events I try to implement
>
> When an user requests an web application for the first time, he/she is
> redirected to my SSO Web application
> which does authentication and retrieves list of applications and its
> respective roles and store on the ticket/cookie.
>
> When the user requests a new web application (ie., when he/she changes to
> the new url)
> I would like to pass the Ticket(cookie) which I have created before to a
> web
> service and check this user
> has some role to this application or not.
>
> For implementing this logic,
> I would like to know which global.asax event should I use? I see
> OnAuthenticationRequest event but don't know
> how to use it. Can you explain how that event works as I see little
> documentation about it in MSDN.
>
> I appreciate your help and comments,
>
> Holy



 
Reply With Quote
 
 
 
 
Holysmoke
Guest
Posts: n/a
 
      10-08-2004
Hi Hernan,

Can you explain what how to handle in code for this scenario.

A user asks for an application 1 by typing the url.
First time he/she is redirected to SSO
Signs in successful and access the application 1
now he types url the new application 2 which he has no roles defined

Now I decrypt the ticket and found no roles defined for this application.
I want to redirect to a page saying you have no access.
I don't want to config on web.config or from the code of every page.

Is it possible to do something simple in AuthenticateRequest event?

TIA,
Holy

Now i would like to say you have no access,

How to

"Hernan de Lahitte" wrote:

> Hi Holy,
>
> Here is a post that will show you SSO with Forms Authentication.
>
> http://weblogs.asp.net/hernandl/arch...formsauth.aspx
>
> If you want further insight about roles management with forms, check out
> these links as well.
>
> http://weblogs.asp.net/hernandl/arch...hRolesRev.aspx
> http://weblogs.asp.net/hernandl/arch...uthRoles2.aspx
>
> Regards.
> --
> Hernan de Lahitte
> Lagash Systems S.A.
> http://www.lagash.com
> http://weblogs.asp.net/hernandl
>
> "Holysmoke" <(E-Mail Removed)> escribió en el mensaje
> news:(E-Mail Removed)...
> > Hi,
> >
> > I am trying to implement a SSO using FormsAuthentication for all my
> > applications.
> > When Authenticated, I am saving ApplicationID and RoleID in CSV form and
> > store it on the cookie.
> >
> > Here is the sequence of events I try to implement
> >
> > When an user requests an web application for the first time, he/she is
> > redirected to my SSO Web application
> > which does authentication and retrieves list of applications and its
> > respective roles and store on the ticket/cookie.
> >
> > When the user requests a new web application (ie., when he/she changes to
> > the new url)
> > I would like to pass the Ticket(cookie) which I have created before to a
> > web
> > service and check this user
> > has some role to this application or not.
> >
> > For implementing this logic,
> > I would like to know which global.asax event should I use? I see
> > OnAuthenticationRequest event but don't know
> > how to use it. Can you explain how that event works as I see little
> > documentation about it in MSDN.
> >
> > I appreciate your help and comments,
> >
> > Holy

>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
sso =?Utf-8?B?QVZM?= ASP .Net 0 04-04-2005 04:17 AM
Java SSO - Is this a standard? Lucas Tam ASP .Net 1 03-10-2005 10:21 PM
Single Sign On(SSO) and Active Directory (AD) daniel ASP .Net 3 02-02-2005 01:45 PM
How to implement SSO on ASP.NET application using Sun One agent ? CV ASP .Net 1 10-05-2004 11:20 PM
SSO in WebApplication, Help Rick Z Java 1 09-26-2004 11:29 AM



Advertisments