Single sign-on between web & desktop

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

buu - 28 Feb 2008 11:30 GMT

Hi everyone,

We're developing an application which include both web-based (ASP.NET)
and desktop (WinForms) applications. User credentials come from a
Windows domain. We want to enable single sign-on between these
applications. Two expected usage scenarios are as follows:

1.
- User login to web app using his/her Windows domain account
- There is a link in a web page for the user to launch the desktop
component
- The desktop app (already installed in user's workstation) is
launched
- User can access to privileged information without having to logging
in again

2.
- Continue from 1
- User clicks on a link or something to launch back the web
application
- The web site is opened in the browser
- User can access to privileged information without having to logging
in again.

One way we can think of is to have the web & desktop apps communicate
the a security token (which is issued to map with a specific domain
account after the user logs in) via cookie. However, this is really a
hack and we wonder if there's any pattern that addresses this need.

Thanks in advance!

Regards,
Buu

Reply to this Message

Joe Kaplan - 28 Feb 2008 20:06 GMT

Can you use integrated windows authentication for this? That is by far the
easiest thing to do.

Joe K.

Signature

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> Hi everyone,
>
[quoted text clipped - 29 lines]
> Regards,
> Buu

Reply to this Message

Buu - 29 Feb 2008 11:45 GMT

Joe,

We can't use integrated windows authentication. I mistook in my
question:
"User credentials come from a Windows domain" should be "User
credentials do NOT come from a Windows domain". User accounts are
stored in a custom-built database of a legacy application.

Thanks,

Buu

On Feb 29, 3:06 am, "Joe Kaplan"
<joseph.e.kap...@removethis.accenture.com> wrote:

> Can you use integrated windows authentication for this? That is by far the
> easiest thing to do.
[quoted text clipped - 38 lines]
> > Regards,
> > Buu

Reply to this Message

Joe Kaplan - 29 Feb 2008 14:30 GMT

In that case, you probably won't be able to take advance of HTTP-based
authentication. For web apps, you generally must then resort to using a
combination of cookies and/or query strings to convey auth info. For the
web app, starting with something like ASP.NET forms authentication is
probably the right way to go. From there, you will likely need to perform
some significant customizations to be able to use the same type of pattern
with your Windows Forms app.

It sounds like it will probably be a bit complicated.

Also remember that it can be difficult to ensure the security of a system
with measures implemented at the client. It is frequently the case that you
must make sure you enforce all security measures at the server to be safe.

Best of luck!

Joe K.

Signature

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> Joe,
>
[quoted text clipped - 54 lines]
>> > Regards,
>> > Buu

Reply to this Message

jp2msft - 13 Mar 2008 18:41 GMT

This might just be another hack, but what about this:

User logs into your web service through the database which sets a
flag/boolean value for that user. As long as the flag is set, the windows
application is allowed.

A session variable could be enabled on your web page, so that when the user
closes his web browser, the session is distroyed ...or the session could have
a timeout feature.

Would that work?

> Joe,
>
[quoted text clipped - 52 lines]
> > > Regards,
> > > Buu

Reply to this Message

Rate this thread:

Single sign-on between web & desktop

Free Magazines