Single Signon [Archive] - DiscountASP.NET Forums

View Full Version : Single Signon

blueprintpm

07-06-2010, 06:08 AM

I've been asked by a client to implement single signon for our web site from their network. Thepreferred methods/configurations are these:
1) SSO should occur over https
2) SSO information should include a timestamp
3) Trust information of any sort should be encrypted
4) Timestamps are synchronized with tick.usno.navy.mil and/or tock.usno.navy.mil to within +/- 30 seconds *
5) Where reasonable it is preferred that users only have access to the trusted system via SSO and not by direct login
6) The following hash and encryption methods are supported:
A. 3DES
B. AES
C. SHA-1/SHA-256 (Hash)
D. MD5 (Hash, deprecated)

I have NO experience in any of this and am very nervous. My questions are;
1. Does DASP support all this?
2. If I convert sites to https, what code updates will I have to do? Does it mean recoding of all pages or does it mainly hit the config.sys file?
3. anyone have good links to start researching?

Thanks SO much for any help...

CrystalCMS

07-06-2010, 12:19 PM

I've successfully implemented a single sign on ASP.NET web application in my day job where the application hosted is on internal business IIS7 servers. In this application, Windows desktop users once logged on to the Windows domain, do not have to login to the web application because authentication is handled automatically and transparently for these type of users. The same application also supports forms db users for external public web users and these users do need to login before gaining any access to the site.

My point is that this is definitely possible in some scenarios. Do you know what authentication scheme is currently implemented on the network for users? If it's Windows authentication, it won't be doable at DASP out of the box because the DASP windows server will not be able to authenticate your windows users. That said, it still maybe possible to perform some local trickery coupled with forms authentication ticket creation for the DASP hosted web application.

You mention both SSL (1) and also supported encryption methods for this application (6). This seems a bit strange because if SSL is a must as suggested by (1), the cheapest SSL certs nowadays will implement SHA1.

I know there aren't many answers in this post but if you provide some more info, I'll continue to try and keep helping.

blueprintpm

07-13-2010, 05:10 AM

Joe - I've actually decided to contract this out to someone to do it - hoping to learn it as he does it. Thanks for the input and advice.