IMO, the technology is behaving as designed. Both applications require
credentials to function...neither is aware that they other has already
authenticated a user...

perhaps some middle ground? skip the logon UI by checking a cookie and
seeing if the user has already logged into one of the applications..both
applications should be able to check the contents of a cookie...

"Reza Nabi" <rnabi@hotmail.com> wrote in message
news:B71E619E-A56A-4780-B1F7-418CC7B350C8@microsoft.com...
> Hello All,
>
> We have 3 machines. 2 web server and 1 db server.
>
> Webserver 1: This machine is running apache on Linux. A Webapplication is
written in Mod perl. To log on to this machine user is autheticated against
user table in postgresql database.
>
> Webserver 2: This machine is running IIS on Winodws 2003 server (Server
role is set as App server). An ASP.NET application is developed using C#.
Form based authentication is implemented and user is authenticated against
the same user table as WebServer 1. Web application talk to postgresql
database through ODBC.
>
> Db server: We use postgreSQL on Linux. Webserver 1 (apache box) talks to
database using DBI and webserver 2 (IIS box) talks to database using ODBC.
>
> Both web applications (located in server 1 and server 2) are authenticated
against same user table in postgresql database.
>
> Currently user needs to logon twice (Although its the same user id and
password) to access web pages from those 2 webserver.
> Question: Is there any way we can impletment single sign on? If user 'foo'
logon apache box (webserver 1), he doesn't need to logon again to access web
page from IIS box (Webserver 2).
>
> Any help/tip/pointer would be very much appreciated.
> Thanks,
>
> Reza Nabi