I have three ASP.Net applications and I want them to share their user status (Anonymous, LoggedIn). For this I use a custom Membership provider which lets me manage my users database effectively. But...
How can I authenticate a user in one of these applications AND let the other two applications know who is authenticated?
(like Google does with GMail, Google Reader, Google Calendar...)

PS: Remember I use Membership Provider and Login Controls as well.

Discussion span: 7 years. Last post by blackcorner.

I think the generic description for this is single sign-on. There are several ways to achieve it, and some are more secure than others. Essentially, Google is using cookies combined with a check that the user is allowed access to a particular application.

By default ASP.NET authentication uses an auth cookie to handle authentication to a site, but to achieve single sign on you will need to automatically create a new authentication cookie for each application a user accesses.

One way to do this could be to have the links to your other applications as link buttons, then add logic to the link button click like:

1. Check the user is authenticated in the current application.
2. Generate a random GUID for this user and save it to an auth table in the DB.
3. Send the user to the next app with the GUID on the query string.
4. Check the GUID against the database (the same query will delete this GUID and any old GUIDs left in the table, e.g. when someone cancels the navigation).
5. Authenticate the user for the new application.

The same authentication check in the new application could also check that the user has access to the new application.

There are many ways to achieve the same thing, but this method is pretty secure.
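
The five-step handoff described in the answer above, as an added C# example that is not part of the original post: the token is issued by the source application, then consumed atomically by the target application, which also checks expiry and that the token was meant for it. Assumptions: the `HandoffTickets` class and its member names are hypothetical, an in-memory dictionary stands in for the shared auth table, the 30-second lifetime is an assumed value, and a CSPRNG token is used in place of the GUID because `Guid.NewGuid()` is not documented as cryptographically random.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
// Added example. The dictionary is a stand-in for the shared auth table in the DB.
public sealed class HandoffTickets
{
    private sealed class Ticket { public string User; public string App; public DateTime ExpiresUtc; }

    private static readonly TimeSpan Lifetime = TimeSpan.FromSeconds(30); // assumed value
    private readonly ConcurrentDictionary<string, Ticket> _table = new ConcurrentDictionary<string, Ticket>();

    // Steps 1-3: called by the source app for a user it has already authenticated.
    public string Issue(string user, string targetApp)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes); // CSPRNG output used in place of Guid.NewGuid()
        string token = BitConverter.ToString(bytes).Replace("-", "");
        _table[token] = new Ticket { User = user, App = targetApp, ExpiresUtc = DateTime.UtcNow + Lifetime };
        return token; // value to place on the query string
    }

    // Steps 4-5: called by the target app. Returns the user name, or null to reject.
    public string Redeem(string token, string thisApp)
    {
        Ticket t;
        PurgeExpired(); // drop tickets abandoned by cancelled navigations
        // TryRemove is atomic: two concurrent requests cannot both redeem one token.
        if (token == null || !_table.TryRemove(token, out t)) return null;
        if (t.ExpiresUtc < DateTime.UtcNow) return null;
        if (!string.Equals(t.App, thisApp, StringComparison.Ordinal)) return null;
        return t.User; // the caller now issues its own auth cookie for this user
    }

    private void PurgeExpired()
    {
        Ticket ignored;
        foreach (var pair in _table)
            if (pair.Value.ExpiresUtc < DateTime.UtcNow) _table.TryRemove(pair.Key, out ignored);
    }

    public static void Main()
    {
        var tickets = new HandoffTickets();
        string token = tickets.Issue("alice", "App2"); // constructed sample values
        Console.WriteLine(tickets.Redeem(token, "App2") ?? "rejected"); // first redemption
        Console.WriteLine(tickets.Redeem(token, "App2") ?? "rejected"); // replay of a consumed token
    }
}
```

In the target application, a non-null result from `Redeem` is the point at which `FormsAuthentication.SetAuthCookie` would be called for the returned user name. A token presented to the wrong application is still removed, so a mis-sent token cannot be retried elsewhere.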
