Single Sign On using Guid
How can I use a Guid for implementing single sign on the same domain? I can't use sessions as the different web apps would open in new windows hence losing the session.
Technology used: ASP.net 3.5, MVC2 architecture, C#.
You should be able to use a cookie and access it from whatever application is running under the same domain. If the other web applications sit on a subdomain, you need to set the Domain of the cookie like:
Response.Cookies("CookieName").Domain = ".mydomain.com"
If the sites exist within an Intranet and the users are all logged into Windows with a unique user account, you can turn on Windows Authentication and read their Windows User Name from their web request to determine the user.
Edit to elaborate: Have each site read the cookie. You can determine if the user is logged in or not based on the existence of the cookie, which can be managed by setting the cookie expiration.
If you wanted to make this more sophisticated (there are probably security concerns with relying solely on the cookie), you could store the GUID in the database and have each page do a lookup to ensure the GUID they're passing in is valid. From here, however you want to manage the GUIDs validated in the database is up to you (compare time stamps, etc).
You might want to store additional information in the Cookie to use for validation. For instance, you could generate a random string and store that with your GUID in the database. Perform one-way encryption on that string and store it in the Cookie when you initially save it. This way, you can compare that value when checking to see if the cookie is valid.
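The database lookup and hashed-value comparison described in the last two paragraphs of the answer, as an added example that is not part of the original post. The class name `SsoTicketStore`, the `guid|hash` cookie format, SHA-256 as the one-way function, the 20-minute lifetime and the in-memory dictionary standing in for the database table are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
// Added example: hypothetical names; the Dictionary stands in for the database table.
public class SsoTicketStore
{
    private class Ticket { public byte[] Secret; public DateTime ExpiresUtc; }
    private readonly Dictionary<Guid, Ticket> _table = new Dictionary<Guid, Ticket>();
    private readonly TimeSpan _lifetime;
    public SsoTicketStore(TimeSpan lifetime) { _lifetime = lifetime; }
    // One-way step: SHA-256 of the random secret, hex encoded so it is cookie-safe.
    private static string Hash(byte[] secret)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(secret)).Replace("-", "");
    }
    // At login: keep GUID, secret and expiry server side; return "guid|hash" for the cookie.
    public string Issue(DateTime nowUtc)
    {
        byte[] secret = new byte[32];
        RandomNumberGenerator.Create().GetBytes(secret);
        Guid id = Guid.NewGuid();
        _table[id] = new Ticket { Secret = secret, ExpiresUtc = nowUtc + _lifetime };
        return id.ToString("N") + "|" + Hash(secret);
    }
    // On each request: reject malformed, unknown, expired or mismatching cookies.
    public bool Validate(string cookieValue, DateTime nowUtc)
    {
        string[] parts = (cookieValue ?? "").Split('|');
        if (parts.Length != 2) return false;
        Guid id;
        // new Guid(string) throws FormatException or OverflowException on bad input.
        try { id = new Guid(parts[0]); } catch (Exception) { return false; }
        Ticket t;
        if (!_table.TryGetValue(id, out t)) return false;
        if (nowUtc >= t.ExpiresUtc) { _table.Remove(id); return false; }
        string expected = Hash(t.Secret);
        int diff = expected.Length ^ parts[1].Length; // no early exit on first mismatch
        for (int i = 0; i < expected.Length && i < parts[1].Length; i++)
            diff |= expected[i] ^ parts[1][i];
        return diff == 0;
    }
    public static void Main()
    {
        SsoTicketStore store = new SsoTicketStore(TimeSpan.FromMinutes(20));
        DateTime now = DateTime.UtcNow;
        string cookie = store.Issue(now);
        string tampered = cookie.Substring(0, cookie.Length - 1) + "x";
        Console.WriteLine("valid:    " + store.Validate(cookie, now.AddMinutes(5)));
        Console.WriteLine("tampered: " + store.Validate(tampered, now.AddMinutes(5)));
        Console.WriteLine("expired:  " + store.Validate(cookie, now.AddMinutes(30)));
    }
}
```

When the returned value is written to the shared-domain cookie, setting `HttpCookie.HttpOnly` and `HttpCookie.Secure` keeps it away from page script and plain-HTTP requests.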