|
|
|
date: Thu, 28 Feb 2008 03:30:56 -0800 (PST),
group: microsoft.public.dotnet.security
back
Re: Single sign-on between web & desktop
In that case, you probably won't be able to take advance of HTTP-based
authentication. For web apps, you generally must then resort to using a
combination of cookies and/or query strings to convey auth info. For the
web app, starting with something like ASP.NET forms authentication is
probably the right way to go. From there, you will likely need to perform
some significant customizations to be able to use the same type of pattern
with your Windows Forms app.
It sounds like it will probably be a bit complicated.
Also remember that it can be difficult to ensure the security of a system
with measures implemented at the client. It is frequently the case that you
must make sure you enforce all security measures at the server to be safe.
Best of luck!
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Buu" wrote in message
news:3ee623e2-ec40-4b01-b8c2-0c7ec4632f5a@d4g2000prg.googlegroups.com...
> Joe,
>
> We can't use integrated windows authentication. I mistook in my
> question:
> "User credentials come from a Windows domain" should be "User
> credentials do NOT come from a Windows domain". User accounts are
> stored in a custom-built database of a legacy application.
>
> Thanks,
>
> Buu
>
> On Feb 29, 3:06 am, "Joe Kaplan"
> wrote:
>> Can you use integrated windows authentication for this? That is by far
>> the
>> easiest thing to do.
>>
>> Joe K.
>>
>> --
>> Joe Kaplan-MS MVP Directory Services Programming
>> Co-author of "The .NET Developer's Guide to Directory Services
>> Programming"http://www.directoryprogramming.net
>> --"buu" wrote in message
>>
>> news:cdd93564-be68-4d07-b2d9-8b452aaa001b@i7g2000prf.googlegroups.com...
>>
>> > Hi everyone,
>>
>> > We're developing an application which include both web-based (ASP.NET)
>> > and desktop (WinForms) applications. User credentials come from a
>> > Windows domain. We want to enable single sign-on between these
>> > applications. Two expected usage scenarios are as follows:
>>
>> > 1.
>> > - User login to web app using his/her Windows domain account
>> > - There is a link in a web page for the user to launch the desktop
>> > component
>> > - The desktop app (already installed in user's workstation) is
>> > launched
>> > - User can access to privileged information without having to logging
>> > in again
>>
>> > 2.
>> > - Continue from 1
>> > - User clicks on a link or something to launch back the web
>> > application
>> > - The web site is opened in the browser
>> > - User can access to privileged information without having to logging
>> > in again.
>>
>> > One way we can think of is to have the web & desktop apps communicate
>> > the a security token (which is issued to map with a specific domain
>> > account after the user logs in) via cookie. However, this is really a
>> > hack and we wonder if there's any pattern that addresses this need.
>>
>> > Thanks in advance!
>>
>> > Regards,
>> > Buu
>
date: Fri, 29 Feb 2008 08:30:08 -0600
author: Joe Kaplan
Re: Single sign-on between web & desktop
This might just be another hack, but what about this:
User logs into your web service through the database which sets a
flag/boolean value for that user. As long as the flag is set, the windows
application is allowed.
A session variable could be enabled on your web page, so that when the user
closes his web browser, the session is distroyed ...or the session could have
a timeout feature.
Would that work?
"Buu" wrote:
> Joe,
>
> We can't use integrated windows authentication. I mistook in my
> question:
> "User credentials come from a Windows domain" should be "User
> credentials do NOT come from a Windows domain". User accounts are
> stored in a custom-built database of a legacy application.
>
> Thanks,
>
> Buu
>
> On Feb 29, 3:06 am, "Joe Kaplan"
> wrote:
> > Can you use integrated windows authentication for this? That is by far the
> > easiest thing to do.
> >
> > Joe K.
> >
> > --
> > Joe Kaplan-MS MVP Directory Services Programming
> > Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net
> > --"buu" wrote in message
> >
> > news:cdd93564-be68-4d07-b2d9-8b452aaa001b@i7g2000prf.googlegroups.com...
> >
> > > Hi everyone,
> >
> > > We're developing an application which include both web-based (ASP.NET)
> > > and desktop (WinForms) applications. User credentials come from a
> > > Windows domain. We want to enable single sign-on between these
> > > applications. Two expected usage scenarios are as follows:
> >
> > > 1.
> > > - User login to web app using his/her Windows domain account
> > > - There is a link in a web page for the user to launch the desktop
> > > component
> > > - The desktop app (already installed in user's workstation) is
> > > launched
> > > - User can access to privileged information without having to logging
> > > in again
> >
> > > 2.
> > > - Continue from 1
> > > - User clicks on a link or something to launch back the web
> > > application
> > > - The web site is opened in the browser
> > > - User can access to privileged information without having to logging
> > > in again.
> >
> > > One way we can think of is to have the web & desktop apps communicate
> > > the a security token (which is issued to map with a specific domain
> > > account after the user logs in) via cookie. However, this is really a
> > > hack and we wonder if there's any pattern that addresses this need.
> >
> > > Thanks in advance!
> >
> > > Regards,
> > > Buu
>
>
date: Thu, 13 Mar 2008 10:41:01 -0700
author: jp2msft
|
|
