MonoX support board

Start the conversation, ask questions and share tips and solutions with fellow developers.

Non-registered users can only browse through our support boards. Please register now if you want to post your questions. It takes a second and it is completely free. Alternatively, you can log in without registration using your credentials at major sites such as Google, Microsoft Live, OpenId, Facebook, LinkedIn or Yahoo.

Single Sign On (SSO)  (Mono Support )

Viewed 25455 time(s), 4 post(s) 12/16/2014 11:51:13 AMby Zoomicon

Related topics

Zoomicon

Zoomicon

12/16/2014 1:40:23 PM
What is the suggested way of implementing SSO between different ASP.net apps/webservices that also include MonoX?

That is between say a WebService or ASP.net app running on one server and MonoX app running on other server (both IIS)?

I want to use
blogs.msdn.com/b/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx
to sign-in from Silverlight app (http://studio.clipflair.net) into MonoX (http://social.clipflair.net)

those two happen to be served from same machine, but are on different subdomains, plus I'd also like to extend this approach to http://gallery.clipflair.net after that (for users to rate gallery content, moderators to submit content and edit metadata etc.) which is on different machine

thanks in advance for any suggestions
This content has not been rated yet. 
2793 Reputation 345 Total posts
pajo

pajo

12/16/2014 2:39:24 PM
Hi,

If understand it correctly what are you trying to do is you want to authenticate user inside your silverlight application(s) through MonoX website. Once MonoX validates users and send user information to your application you would change behavior and you would apply application security based on these info. I can't tell you if out-of-box Microsoft solution suggested in the blog will work with MonoX(user validation and roles could work) but principal behind it is what you need. You should try it if this is all you need.

You can always create your own WCF service in MonoX, similar to one provided by MS. There is a lots of documentation how to create wcf and visual studio have lots of tools for working with them. We can guide you how to authenticate user and create authentication ticket inside your service. Only advantage in writing your own service is you can control it's behavior and you can easily add additional functions.
This content has not been rated yet. 
629 Reputation 83 Total posts
Zoomicon

Zoomicon

12/16/2014 3:39:29 PM

What I don't know is whether I should look into Identity infrastructure that MS is now promoting or stick to the older Membership mechanism (since Silverlight plays fine with web services). Not sure if MonoX uses Identity anyway, or if DotNetAuth does bridge to Identity

also cross-domain restrictions may be an issue, I may need to authenticate from sl app to service running at studio.clipflair.net site that serves the sl app and then use SSO to talk to social.clipflair.net that hosts monox

also gallery.clipflair.net needs to have authentication for metadata editing web forms, so would also need SSO with monox that is on other machine and sub domain (social.clipflair.net)

so question is if there is any suggested method to do SSO between monox and other ASP.net webapp/webservice

This content has not been rated yet. 
2793 Reputation 345 Total posts
pajo

pajo

12/16/2014 5:02:40 PM
MonoX is using older Membership model so you shouldn't worry about new Identity framework. Cross domain restriction is a problem but according to Microsoft it can be solved

Problem here is once you authenticate user you need to pass authentication ticket for every call to the MonoX service. In case of the web authentication ticket is set in the cookie and is passed by the browser automatically for each request. I don't know how web services transfer ticket with request(it could be transferred inside envelop). In case it uses same cookie as web in theory you just need to authenticate against MonoX service and call to any service method (if cookie is automatically added by the browser and you can make it work cross domain) will be authenticated. This would be most elegant solution.

If not you must authenticate user on each domain using redirection. In general you would need to use something similar to oAuth 3-leg scheme which is far more complicated solution.
This content has not been rated yet. 
629 Reputation 83 Total posts