Single Sign On / Authentication System?

I'm looking to implement a single sign on solution for .NET applications. This single sign on solution will need to work against a variety of back-end databases (i.e. SQL (mainly), Active Directory (some), Custom Data Sources (XML, MDB, Custom Web Service, etc)).

Is there any sample code on implementing a simple single sign on service?

The app would need:

-Log in Users from the web, desktop clients, custom applications, etc.
-Have granular permissions
-Be compatible with other web services, desktop apps, and remoting (basically any sort of client/server)
-Have the ability to add trusted sites (i.e. servers, viewer consoles, etc)
-Work with .NET 1.1 (most of our apps are still 1.1)

I was thinking of doing the following:

1. Build a security web service
2. Users would log into a web service to retrieve a token
3. Once a token is retrieved, it is used for all future communications
4. Applications check security against the security service via the Token, i.e.: CheckPermission(ByVal Token as GUID, ByVal Permission as String) as Boolean
5. The Web Service would manage a list of valid tokens (time outs, errors, etc)

Encryption would be done primarily on the transport layer - but the token could be encrypted too.

What do you guys think about this solution? It's simple... However, how do you handle "trusted" sources?

Even better would be for me to find something that was prebuilt :-)

"Spam Catcher" <spamhoneypot@rogers.com> wrote in message news:Xns9846C2E0186BFusenethoneypotrogers@127.0.0.1...
> Hi all,
>
> I'm looking to implement a single sign on solution for .NET applications.
> This single sign on solution will need to work against a variety of back-end
> databases (i.e. SQL (mainly), Active Directory (some), Custom Data
> Sources (XML, MDB, Custom Web Service, etc)).
>
> Is there any sample code on implementing a simple single sign on service?
>
> The app would need:
>
> -Log in Users from the web, desktop clients, custom applications, etc.
> -Have granular permissions
> -Be compatible with other web services, desktop apps, and remoting
> (basically any sort of client/server)
> -Have the ability to add trusted sites (i.e. servers, viewer consoles,
> etc)
> -Work with .NET 1.1 (most of our apps are still 1.1)
>
> I was thinking of doing the following:
>
> 1. Build a security web service
> 2. Users would log into a web service to retrieve a token
> 3. Once a token is retrieved, it is used for all future communications
> 4. Applications check security against the security service via the Token
> i.e.: CheckPermission(ByVal Token as GUID, ByVal Permission as String) as
> Boolean
> 5. The Web Service would manage a list of valid tokens (time outs,
> errors, etc)
>
> Encryption would be done primarily on the transport layer - but the token
> could be encrypted too.
>
> What do you guys think about this solution? It's simple... However, how
> do you handle "trusted" sources?
>
> Even better would be for me to find something that was prebuilt :-)

Would ADAM work?

Windows Server 2003 Active Directory Application Mode
http://www.microsoft.com/windowsserver2003/adam/default.mspx

David
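
An added example, not code from any poster in this thread: a minimal in-memory sketch of steps 2, 4 and 5 of the proposed design, keeping the CheckPermission signature from the question and using only pre-generics types such as Hashtable. The ICredentialStore interface, the TokenService class and the 20-minute idle timeout are assumptions made for illustration; the store stands in for whichever back end (SQL, Active Directory, XML) holds the accounts and is assumed to return a non-null permission array.

```vbnet
Imports System
Imports System.Collections
Imports System.Security.Cryptography

' Hypothetical back-end abstraction (SQL, Active Directory, XML, ...).
Public Interface ICredentialStore
    Function Validate(ByVal user As String, ByVal password As String) As Boolean
    Function GetPermissions(ByVal user As String) As String()
End Interface

Public Class TokenService
    Private Class Session
        Public Permissions As String()
        Public ExpiresUtc As DateTime
    End Class

    Private ReadOnly _store As ICredentialStore
    Private ReadOnly _sessions As New Hashtable()                  ' Guid -> Session
    Private ReadOnly _idle As TimeSpan = TimeSpan.FromMinutes(20)  ' assumed timeout

    Public Sub New(ByVal store As ICredentialStore)
        _store = store
    End Sub

    ' Step 2: returns Guid.Empty on failure, never a usable token.
    Public Function Login(ByVal user As String, ByVal password As String) As Guid
        If Not _store.Validate(user, password) Then Return Guid.Empty
        ' 16 bytes from the CSPRNG: a GUID is built for uniqueness, not secrecy.
        Dim raw(15) As Byte
        Dim rng As New RNGCryptoServiceProvider()
        rng.GetBytes(raw)
        Dim s As New Session()
        s.Permissions = _store.GetPermissions(user)
        s.ExpiresUtc = DateTime.UtcNow.Add(_idle)
        Dim token As New Guid(raw)
        SyncLock _sessions.SyncRoot
            _sessions(token) = s
        End SyncLock
        Return token
    End Function

    ' Step 4: fail closed on unknown or expired tokens. Step 5: sliding timeout.
    Public Function CheckPermission(ByVal Token As Guid, ByVal Permission As String) As Boolean
        SyncLock _sessions.SyncRoot
            Dim s As Session = CType(_sessions(Token), Session)
            If s Is Nothing OrElse s.ExpiresUtc <= DateTime.UtcNow Then
                _sessions.Remove(Token)   ' no-op if the token was never issued
                Return False
            End If
            s.ExpiresUtc = DateTime.UtcNow.Add(_idle)   ' each successful check extends the session
            Return Array.IndexOf(s.Permissions, Permission) >= 0
        End SyncLock
    End Function
End Class
```

Permission names are compared case-sensitively, and sessions that are never checked again stay in the table until a periodic sweep (not shown) removes them.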