How to carry credentials from one website to another ?

Codemaniac · July 11th, 2012, 11:25 PM

Hi Everybody,

I have two websites 'Site1' and 'Site2'. A link in these two websites redirects the user to a different site, where the user has to again login to access it.

What I am working on is a dashboard which will use the same credential (from site1 or site2) and display some information about the user (regarding no. of points that particular user has). This dashboard will have a link to access a third website 'Site3' and it needs to be accessed through the same credentials.

(site1)(site2)----->>dashboard----->>(site3).

All I want is the credentials to travel from 'site1and 2' to 'site3'. so that user don't have to login again and again.

ANY HELP WILL BE MUCH APPRECIATED!! THANKS GUYS

guenfire · July 12th, 2012, 01:08 PM

If I were in your shoes, I'd write a secure web service that retrieves the encrypted credentials from one site to the other (assuming you're communicating over the secure HTTP protocol). Check out HOW TO: Pass Current Credentials to an ASP.NET Web Service.

Codemaniac · July 12th, 2012, 03:43 PM

Much appreciated Guenfire!

Yes I was also thinking about the same solution (SSO can also be implemented but for me its a little complicated.).
It would be great if you can tell me a little about its structure (details), so that we can launch ourselves from there on.

Thanks :)

guenfire · July 12th, 2012, 05:36 PM

Codemaniac, not really sure what details you're looking for. I don't have a clue what type of site security is currently in place on each site, so it would be meaningless for me to give you "details." :) Was there something in the link I provided specifically that you don't understand?

The long and short of it is to determine how site 3 handles credentials in relationship to sites 1 and 2. Your dashboard could include something as simple as a web user control with a link that implements the web service call, compares the site 1/2 credentials to those stored in site 3, and then simply uses the MembershipApplication provider classes as a pass-through. Much really has to do with the type of authentication (e.g., Windows, Forms or Passport). For example, if site1/2 uses forms authentication, you could call a web service using some code like below:

Code:

string userName, password;
bool isAuth = AuthenticateUser(userName, password);

if (isAuth)
{
    FormsAuthentication.RedirectFromLoginPage(user, false)
}
else
{
    FormsAuthentication.RedirectToLoginPage()
}

Frankly, that's not the most "secure" bet (although it's done much more often than anyone would want to admit). You might also look into establishing Membership on site 3 utilizing the Membership and Role Management API, and let your web service simply interface directly with that. Hope what I've expanded on here is helpful!