Mono Support Single Sign On (SSO) 

Viewed 53355 time(s), 4 post(s), 12/16/2014 11:51:13 AM - by Zoomicon
12/16/2014 1:40:23 PM
2793 Reputation 345 Total posts

What is the suggested way of implementing SSO between different ASP.net apps/webservices that also include MonoX?

That is, between, say, a web service or ASP.net app running on one server and a MonoX app running on another server (both IIS)?

I want to use blogs.msdn.com/b/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx to sign in from the Silverlight app (http://studio.clipflair.net) into MonoX (http://social.clipflair.net).

Those two happen to be served from the same machine, but are on different subdomains. I'd also like to extend this approach to http://gallery.clipflair.net after that (for users to rate gallery content, moderators to submit content and edit metadata, etc.), which is on a different machine.

Thanks in advance for any suggestions.

1
12/16/2014 2:39:24 PM
629 Reputation 83 Total posts

Hi,

If I understand it correctly, what you are trying to do is authenticate the user inside your Silverlight application(s) through the MonoX website. Once MonoX validates the user and sends the user information to your application, you would change behavior and apply application security based on this info. I can't tell you if the out-of-the-box Microsoft solution suggested in the blog will work with MonoX (user validation and roles could work), but the principle behind it is what you need. You should try it if this is all you need.

You can always create your own WCF service in MonoX, similar to the one provided by MS. There is a lot of documentation on how to create WCF services, and Visual Studio has lots of tools for working with them. We can guide you on how to authenticate the user and create an authentication ticket inside your service. The only advantage of writing your own service is that you can control its behavior and you can easily add additional functions.

2
12/16/2014 3:39:29 PM
2793 Reputation 345 Total posts

What I don't know is whether I should look into the Identity infrastructure that MS is now promoting or stick to the older Membership mechanism (since Silverlight plays fine with web services). Not sure if MonoX uses Identity anyway, or if DotNetAuth does bridge to Identity.

Also, cross-domain restrictions may be an issue. I may need to authenticate from the SL app to a service running at the studio.clipflair.net site that serves the SL app, and then use SSO to talk to social.clipflair.net, which hosts MonoX.

Also, gallery.clipflair.net needs to have authentication for metadata editing web forms, so it would also need SSO with MonoX, which is on another machine and subdomain (social.clipflair.net).

So the question is if there is any suggested method to do SSO between MonoX and another ASP.net web app/web service.

3
12/16/2014 5:02:40 PM
629 Reputation 83 Total posts

MonoX is using the older Membership model, so you shouldn't worry about the new Identity framework. Cross-domain restriction is a problem, but according to Microsoft it can be solved.

The problem here is that once you authenticate the user, you need to pass the authentication ticket with every call to the MonoX service. In the case of the web, the authentication ticket is set in the cookie and is passed by the browser automatically with each request. I don't know how web services transfer the ticket with the request (it could be transferred inside the envelope). In case it uses the same cookie as the web, in theory you just need to authenticate against the MonoX service, and a call to any service method (if the cookie is automatically added by the browser and you can make it work cross-domain) will be authenticated. This would be the most elegant solution.

If not, you must authenticate the user on each domain using redirection. In general you would need to use something similar to the OAuth 3-legged scheme, which is a far more complicated solution.

4
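
The shared-cookie option from the last reply, sketched as an added example (not posted by the thread participants and not MonoX's own configuration). It assumes every participating site uses standard ASP.NET Forms authentication, sits under the clipflair.net parent domain, and is served over HTTPS; the key values are placeholders.

```xml
<!-- Added example: the same fragment goes into the web.config of every
     participating app (for instance social.clipflair.net and
     gallery.clipflair.net). -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name, path and protection must match in every app. domain scopes
           the ticket cookie to the parent domain, so the browser sends it to
           each subdomain. requireSSL assumes HTTPS on all sites; over plain
           HTTP the browser will not send the cookie. -->
      <forms name=".ASPXAUTH"
             domain=".clipflair.net"
             path="/"
             protection="All"
             requireSSL="true"
             timeout="30" />
    </authentication>
    <!-- The ticket is encrypted and signed with these keys, so every app
         needs the same explicit values instead of AutoGenerate.
         Placeholders only: generate real random keys and keep them out of
         source control. -->
    <machineKey validationKey="PLACEHOLDER_HEX_VALIDATION_KEY"
                decryptionKey="PLACEHOLDER_HEX_DECRYPTION_KEY"
                validation="HMACSHA256"
                decryption="AES" />
  </system.web>
</configuration>
```

A parent-domain cookie is sent to every host under that domain, so each subdomain becomes part of the trust boundary for the ticket. The ticket carries only the user name, so the Membership and role providers on each app still have to point at the same user store.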