Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > using a shared session

Reply
Thread Tools

using a shared session

 
 
masoud bayan
Guest
Posts: n/a
 
      01-03-2005
Hi,



We have 3 different web applications on three different websites (and
domains). Now we want to make it possible for users to login in each of
these applications and can navigate to other applications without
authenticating. So generally we need to have a shared session across
applications (a single sign-on).

Whenever a user logins in each application a session identifier is created
and is saved in the cookie for that session.

1. Is there any chance to create cookies for other applications
(websites) at the same time (login time in one of the apps)? So when user
navigates to other sites, other server can read the session information from
cookie?

2. Is there any other approach that we can use to have single sign-on
capability through our sites?



Any advice is appreciated.



Thanks

Masoud








 
Reply With Quote
 
 
 
 
Kevin Spencer
Guest
Posts: n/a
 
      01-03-2005
Hi masoud,

As you're talking about multiple apps, you're definitely NOT talking about
Session. What you're describing falls more accurately into the realm of
"messaging." You need to send a message from one app to the other to
indicate that the user is logged into the first app, and who the user is
logged in as. You may create a new Session for the second app after you have
received this information, but you can not share Sessions across apps.

In the realm of messaging, you have several alternatives. One is to pass
data via QueryString, but that isn't secure. An alternative is to use a
database, into which the first app puts the data, and the second app reads
it. The first app could post a form to the second, and pass the data in that
way. Of course, unless the data is encrypted, it is not much more secure
than using a Query String. Another alternative is to use a Web Service to
pass the data. For example, you could create a Web Service Method on app 2
that takes several parameters of data about a user, and registers that user
somehow with the app. App 1 would make a Web Service call to the Method,
passing in the user data, and then redirect to the appropriate page in app
2. You would have to use encryption here as well.

You could also use Windows Messaging Services, but that is queued, and you
need to be sure that the data has arrived by the time you redirect.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.


"masoud bayan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
>
>
> We have 3 different web applications on three different websites (and
> domains). Now we want to make it possible for users to login in each of
> these applications and can navigate to other applications without
> authenticating. So generally we need to have a shared session across
> applications (a single sign-on).
>
> Whenever a user logins in each application a session identifier is created
> and is saved in the cookie for that session.
>
> 1. Is there any chance to create cookies for other applications
> (websites) at the same time (login time in one of the apps)? So when user
> navigates to other sites, other server can read the session information
> from
> cookie?
>
> 2. Is there any other approach that we can use to have single sign-on
> capability through our sites?
>
>
>
> Any advice is appreciated.
>
>
>
> Thanks
>
> Masoud
>
>
>
>
>
>
>
>



 
Reply With Quote
 
 
 
 
bruce barker
Guest
Posts: n/a
 
      01-03-2005
you will need to do a ticket system. you can link because a cookie can not
be shared between domains, you will have to pass the ticket to site. this
means you can link between sites without requiring a new login, but if the
users hit the site directly, they will be prompted for a login.

you can use a common webservice (like ms passport) to handle the comon login
verfication and ticket.

-- bruce (sqlwork.com)



"masoud bayan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
| Hi,
|
|
|
| We have 3 different web applications on three different websites (and
| domains). Now we want to make it possible for users to login in each of
| these applications and can navigate to other applications without
| authenticating. So generally we need to have a shared session across
| applications (a single sign-on).
|
| Whenever a user logins in each application a session identifier is created
| and is saved in the cookie for that session.
|
| 1. Is there any chance to create cookies for other applications
| (websites) at the same time (login time in one of the apps)? So when user
| navigates to other sites, other server can read the session information
from
| cookie?
|
| 2. Is there any other approach that we can use to have single sign-on
| capability through our sites?
|
|
|
| Any advice is appreciated.
|
|
|
| Thanks
|
| Masoud
|
|
|
|
|
|
|
|


 
Reply With Quote
 
masoud bayan
Guest
Posts: n/a
 
      01-04-2005
Thank you.

Masoud

"masoud bayan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
>
>
> We have 3 different web applications on three different websites (and
> domains). Now we want to make it possible for users to login in each of
> these applications and can navigate to other applications without
> authenticating. So generally we need to have a shared session across
> applications (a single sign-on).
>
> Whenever a user logins in each application a session identifier is created
> and is saved in the cookie for that session.
>
> 1. Is there any chance to create cookies for other applications
> (websites) at the same time (login time in one of the apps)? So when user
> navigates to other sites, other server can read the session information

from
> cookie?
>
> 2. Is there any other approach that we can use to have single sign-on
> capability through our sites?
>
>
>
> Any advice is appreciated.
>
>
>
> Thanks
>
> Masoud
>
>
>
>
>
>
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Global Shared functions, shared variables Imran Aziz ASP .Net 1 08-22-2005 06:43 PM
Shared functions vs Non-Shared Functions tshad ASP .Net 11 05-27-2005 05:53 PM
Shared, why not a 'Local Shared' (re: Session and ViewState dislike) ben ASP .Net 3 11-15-2004 03:04 PM
Shared Public Variables and Shared Methods Joe Fallon ASP .Net 3 07-16-2004 07:11 AM
Cannot refer to an instance member of a class from within a shared method or shared member initializer without an explicit instance of the class. DJ Dev ASP .Net 3 02-08-2004 04:19 PM



Advertisments