A newbie question on SSO

Holysmoke · Holysmoke

Hi,

I am trying to implement a SSO using FormsAuthentication for all my
applications.
When Authenticated, I am saving ApplicationID and RoleID in CSV form and
store it on the cookie.

Here is the sequence of events I try to implement

When an user requests an web application for the first time, he/she is
redirected to my SSO Web application
which does authentication and retrieves list of applications and its
respective roles and store on the ticket/cookie.

When the user requests a new web application (ie., when he/she changes to
the new url)
I would like to pass the Ticket(cookie) which I have created before to a web
service and check this user
has some role to this application or not.

For implementing this logic,
I would like to know which global.asax event should I use? I see
OnAuthenticationRequest event but don't know
how to use it. Can you explain how that event works as I see little
documentation about it in MSDN.

I appreciate your help and comments,

Holy

Hernan de Lahitte · Hernan de Lahitte

Hi Holy,

Here is a post that will show you SSO with Forms Authentication.

[url]http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx[/url]

If you want further insight about roles management with forms, check out
these links as well.

[url]http://weblogs.asp.net/hernandl/archive/2004/07/30/FormsAuthRolesRev.aspx[/url]
[url]http://weblogs.asp.net/hernandl/archive/2004/08/05/FormsAuthRoles2.aspx[/url]

Regards.
--
Hernan de Lahitte
Lagash Systems S.A.
[url]http://www.lagash.com[/url]
[url]http://weblogs.asp.net/hernandl[/url]

"Holysmoke" <Holysmoke@discussions.microsoft.com> escribió en el mensaje
news:9F8213CB-A169-47EA-86AF-DD9E32A6FC97@microsoft.com...

> Hi,
>
> I am trying to implement a SSO using FormsAuthentication for all my
> applications.
> When Authenticated, I am saving ApplicationID and RoleID in CSV form and
> store it on the cookie.
>
> Here is the sequence of events I try to implement
>
> When an user requests an web application for the first time, he/she is
> redirected to my SSO Web application
> which does authentication and retrieves list of applications and its
> respective roles and store on the ticket/cookie.
>
> When the user requests a new web application (ie., when he/she changes to
> the new url)
> I would like to pass the Ticket(cookie) which I have created before to a
> web
> service and check this user
> has some role to this application or not.
>
> For implementing this logic,
> I would like to know which global.asax event should I use? I see
> OnAuthenticationRequest event but don't know
> how to use it. Can you explain how that event works as I see little
> documentation about it in MSDN.
>
> I appreciate your help and comments,
>
> Holy

Holysmoke · Holysmoke

Hi Hernan,

Can you explain what how to handle in code for this scenario.

A user asks for an application 1 by typing the url.
First time he/she is redirected to SSO
Signs in successful and access the application 1
now he types url the new application 2 which he has no roles defined

Now I decrypt the ticket and found no roles defined for this application.
I want to redirect to a page saying you have no access.
I don't want to config on web.config or from the code of every page.

Is it possible to do something simple in AuthenticateRequest event?

TIA,
Holy

Now i would like to say you have no access,

How to

"Hernan de Lahitte" wrote:

> Hi Holy,
>
> Here is a post that will show you SSO with Forms Authentication.
>
> [url]http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx[/url]
>
> If you want further insight about roles management with forms, check out
> these links as well.
>
> [url]http://weblogs.asp.net/hernandl/archive/2004/07/30/FormsAuthRolesRev.aspx[/url]
> [url]http://weblogs.asp.net/hernandl/archive/2004/08/05/FormsAuthRoles2.aspx[/url]
>
> Regards.
> --
> Hernan de Lahitte
> Lagash Systems S.A.
> [url]http://www.lagash.com[/url]
> [url]http://weblogs.asp.net/hernandl[/url]
>
> "Holysmoke" <Holysmoke@discussions.microsoft.com> escribiÃ³ en el mensaje
> news:9F8213CB-A169-47EA-86AF-DD9E32A6FC97@microsoft.com...

> > Hi,
> >
> > I am trying to implement a SSO using FormsAuthentication for all my
> > applications.
> > When Authenticated, I am saving ApplicationID and RoleID in CSV form and
> > store it on the cookie.
> >
> > Here is the sequence of events I try to implement
> >
> > When an user requests an web application for the first time, he/she is
> > redirected to my SSO Web application
> > which does authentication and retrieves list of applications and its
> > respective roles and store on the ticket/cookie.
> >
> > When the user requests a new web application (ie., when he/she changes to
> > the new url)
> > I would like to pass the Ticket(cookie) which I have created before to a
> > web
> > service and check this user
> > has some role to this application or not.
> >
> > For implementing this logic,
> > I would like to know which global.asax event should I use? I see
> > OnAuthenticationRequest event but don't know
> > how to use it. Can you explain how that event works as I see little
> > documentation about it in MSDN.
> >
> > I appreciate your help and comments,
> >
> > Holy

>
>
>

A newbie question on SSO

Thread Tools

Display

A newbie question on SSO

Similar Questions and Discussions

Newbie Question: Biz Card Template Question

A newbie with a newbie question

newbie question,,,

Pen Tool Use Question. (Embarrassingly Newbie Question)

Newbie OO question

Re: A newbie question on SSO

Re: A newbie question on SSO

Posting Permissions