Authentication in .net

  • Question

  • User52625461 posted

    Hello All,

    We have a number of websites for different products.

    For e.g.

    Now, we are making an independent Email product/website which can be accessed from any of the websites or projects listed above.

    In the Email product we do not want to provide login functionality or a login window; the user should be logged in automatically. We also have our separate Email product database.

    So, which will be the best way to authenticate the user in the Email product?

    1. We are deciding to generate the 'SecretKey' based on the parameters sent by the user (like EmailAddress, ClientName, ProductName etc.). This secret key will be used for the entire user session.

    If this is not the best way, then what other approach can we go for?

    Thanks in advance!

    Friday, January 30, 2015 1:46 AM

All replies

  • User-782232518 posted

    Microsoft has already published a general framework named ASP.NET Identity to provide you options to extend the functionality,

    http://www.asp.net/identity 

    You can either hook to external authentication services, or build your own.

    Tuesday, February 3, 2015 2:54 AM
  • User-1270013183 posted

    What's the scenario here? Based on my understanding, it seems the scenario is that customers log in to any of the websites like www.vmsproduct.com or www.atsproduct.com with their credentials, are then redirected to a separate website, like the Email product website, and try to make a purchase with the credentials from the other websites because there is no login on the Email product website?

    If you need some more knowledge about Security Best Practices for ASP.NET, you can check the thread posted below:

    http://forums.asp.net/t/1902316.aspx

    Tuesday, February 3, 2015 4:47 AM
  • User-1270013183 posted

    I think one of the ways to implement this is to use Single Sign On (SSO).

    Please take a look at the following two articles, in which some solutions and implementations are given for the following scenarios:

    1) Two sites have the same domains and same sub domains

    2) Two sites have the same domains but different sub domains

    3) Share the authentication cookie across multiple domains (this should be your request, right?)

    Single Sign On (SSO) for cross-domain ASP.NET applications: Part-I - The design blue print

    http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic

    Single Sign On (SSO) for cross-domain ASP.NET applications: Part-II - The implementation

    http://www.codeproject.com/Articles/114484/Single-Sign-On-SSO-for-cross-domain-ASP-NET-appl

    Tuesday, February 3, 2015 9:31 PM
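
Added example, not part of the thread and not any poster's code: a key built only from user-sent parameters (EmailAddress, ProductName) can be recomputed by anyone who knows them, so this sketch instead signs those parameters with a server-held secret when a product site hands the user off to the Email product. `HandoffToken`, `Issue`, `TryVerify` and the token layout are hypothetical names chosen for illustration; it assumes both sites share the key out of band and run .NET Core 2.1 or later (for `CryptographicOperations.FixedTimeEquals`).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: a product site issues a short-lived signed token and the
// Email product verifies it. Names and token layout are assumptions, not an existing API.
static class HandoffToken
{
    static string B64(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] UnB64(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static byte[] Mac(byte[] key, string payload)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Issuer side: the key is a server-side secret shared by both sites, never sent to the browser.
    public static string Issue(byte[] key, string email, string product, DateTimeOffset expires)
    {
        string payload = B64(Encoding.UTF8.GetBytes(email)) + "." + B64(Encoding.UTF8.GetBytes(product)) + "." + expires.ToUnixTimeSeconds();
        return payload + "." + B64(Mac(key, payload));
    }

    // Email product side: reject anything malformed, tampered with or expired.
    public static bool TryVerify(byte[] key, string token, DateTimeOffset now, out string email, out string product)
    {
        email = product = null;
        string[] p = (token ?? "").Split('.');
        if (p.Length != 4 || !long.TryParse(p[2], out long exp)) return false;
        try
        {
            byte[] expected = Mac(key, p[0] + "." + p[1] + "." + p[2]);
            if (!CryptographicOperations.FixedTimeEquals(expected, UnB64(p[3]))) return false;
            if (now.ToUnixTimeSeconds() >= exp) return false;   // expiry is checked only after the MAC
            email = Encoding.UTF8.GetString(UnB64(p[0]));
            product = Encoding.UTF8.GetString(UnB64(p[1]));
            return true;
        }
        catch (FormatException) { return false; }               // invalid base64 in any field
    }
}
```

A token like this can be replayed until it expires, so the expiry should be a minute or two and the handoff should go over HTTPS. After `TryVerify` succeeds, the Email product sets its own session cookie rather than reusing the token for the session.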