Logging in to multiple sites with the same credentials
on 19.09.2007 21:19:15 by Wael
Hello,
I am not sure if this group is appropriate for this question. We are
using ASP.Net and we have several unrelated sites running on a couple
of web servers. Each site is linked to an SQL database. As it is, we
keep a separate table for each site to hold the login information.
It was requested that we have one login page from the main company
site that will direct the user directly to their site. How can this be
done? Since each group of sites has its connection pool and I don't
want to pass the login information in the Response.Redirect.
We thought of passing the information encrypted along with the
sessionid, so that even if the browser keeps the information in the
history, the user would still have to log in from the site.
Any ideas?
By the way, the idea is that the client gets a chance to look at our
services from the main site. Our clients log in from public places, so
they have to type their username and password every time.
Thanks
Re: Logging in to multiple sites with the same credentials
on 20.09.2007 03:12:49 by Martin CLAVREUIL
Hi Wael,
One idea could be as follows:
Set up a back-office web service on the main ID server with the
following interface: public loginpasswordstructure GetIdFromToken(long token);
The process could look like this:
1/ The user gives the login/passw information on the main server.
2/ In the main DB you have a table like this: Tokens(Token bigint, login
varchar, passw varchar, timelimit datetime)
3/ You save there the provided connection information associated with a
randomly generated token and a time limit to retrieve it (let's say 5
seconds).
4/ In the Response.Redirect you send the token as a parameter.
5/ The remote app can now get the info from the web service mentioned above.
6/ On each token creation and/or retrieval you delete time-exceeded tokens.
If you can limit the IPs allowed to connect to your web service, it's not bad; if
you can set up SSL, it's better.
This kind of trick is often used for cross-domain communication.
Hope it helps.
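The token handoff described in the reply above, as an added C# sketch that is not code from the thread: `HandoffTokenStore`, `Issue`, `Redeem` and the `site` argument are hypothetical names, and an in-memory dictionary stands in for the `Tokens` table. It assumes the main server has already checked the password, so only the login name is handed over, and it uses a 256-bit random string as the token rather than a `long`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Hypothetical in-memory stand-in for the Tokens table on the main ID server.
public sealed class HandoffTokenStore
{
    private sealed class Entry { public string Login; public string Site; public DateTime Expires; }
    private readonly Dictionary<string, Entry> _tokens = new Dictionary<string, Entry>();
    private readonly TimeSpan _ttl;

    public HandoffTokenStore(TimeSpan ttl) { _ttl = ttl; }

    // Steps 2-4: store the login under a random token; the token goes in the redirect URL.
    public string Issue(string login, string site, DateTime nowUtc)
    {
        var raw = new byte[32]; // 256 bits from the CSPRNG, so tokens cannot be guessed
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = BitConverter.ToString(raw).Replace("-", "");
        lock (_tokens)
        {
            Purge(nowUtc);
            _tokens[token] = new Entry { Login = login, Site = site, Expires = nowUtc + _ttl };
        }
        return token;
    }

    // Step 5: the web service call. Returns null for unknown, expired, reused or
    // wrong-site tokens. The token is deleted on first lookup, so it works only once,
    // and a lookup from the wrong site burns it as well.
    public string Redeem(string token, string callingSite, DateTime nowUtc)
    {
        lock (_tokens)
        {
            Purge(nowUtc);
            Entry e;
            if (token == null || !_tokens.TryGetValue(token, out e)) return null;
            _tokens.Remove(token);
            return e.Site == callingSite ? e.Login : null;
        }
    }

    // Step 6: drop expired tokens on every issue and redeem.
    private void Purge(DateTime nowUtc)
    {
        foreach (var k in _tokens.Where(p => p.Value.Expires <= nowUtc).Select(p => p.Key).ToList())
            _tokens.Remove(k);
    }
}
```

The main site would call `Issue` just before the `Response.Redirect`, and the back-office web service would wrap `Redeem`, passing `DateTime.UtcNow` in both cases.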
Re: Logging in to multiple sites with the same credentials
on 20.09.2007 18:47:07 by Wael
We thought of that. The problem is that we have to keep two login
tables, one for the main site that includes passwords for all sites and
another for each particular site. Another way would be to eliminate
the passwords table for each particular site altogether, but we deal
with sensitive clinical data, so security is an absolute requirement.