I am tasked with implementing single sign-on for our customers as part of our next release. The flow exists as follows:
- User logs into their school's main portal system using a student id/password provided to him/her by the school.
- User clicks the link to my company's product.
- User is automatically taken to the dashboard page as if they had just logged in through the login form on our site.
Thus, there are two mechanisms by which a user can be authenticated into our site:
- Coming to our product's home page, and logging in using the email/password that we store in our local system.
- Using the single sign-on where the student has already logged into the school's main system with a student id and password.
If our product's implementation is in ASP.NET (as opposed to Java/Ruby), should we be using CAS, JOSSO, or some other third party single sign-on product? Or is there something available to a .NET environment which would be simpler for us as a .NET company?
Best Answer
There are multiple options to implement SSO for a .NET application.
Check out the following tutorials online:
Basics of Single Sign on, July 2012
http://www.codeproject.com/Articles/429166/Basics-of-Single-Sign-on-SSO
GaryMcAllisterOnline: ASP.NET MVC 4, ADFS 2.0 and 3rd party STS integration (IdentityServer2), Jan 2013
http://garymcallisteronline.blogspot.com/2013/01/aspnet-mvc-4-adfs-20-and-3rd-party-sts.html
The first one uses ASP.NET Web Forms, while the second one uses ASP.NET MVC4.
If your requirements allow you to use a third-party solution, also consider OpenID. There's an open source library called DotNetOpenAuth.
For further information, read MSDN blog post Integrate OpenAuth/OpenID with your existing ASP.NET application using Universal Providers.
Hope this helps!