I'm using Visual Studio 2008.
My requirement is to implement single sign-on across many domains without using cookies. Is this possible?
For example, I have 3 domains (hosted in 3 different systems): www.domain1.com, www.domain2.com, www.domain3.com
and cookies are disabled.
I implemented single sign-on with cookies; if the sites are hosted in a single system then it is working. But it doesn't work if cookies are disabled.
I tried all possible Google searches, but couldn't find anything useful. Please help?
I believe Microsoft have a trick to their single sign in that might work for this. I am assuming rather than cookies you would set a session variable so the theory is (from memory) something like:
1 - You designate one domain as the point of authentication i.e. no matter where you sign in you make sure www.domain1.com has a session variable set to say that the user has been authenticated (I guess ideally you could just put the sign in page on this domain, but if not you could work around this by using http requests to set up initial sign in auth on domain1).
2 - Then the trick is to have a common header in all your other domain (1,2,3,4) pages that first does a check to see whether a session variable is set on the respective domain and if not does a redirect to domain1, determines if the user is logged in - if so get the login details - redirect back to the domain you came from (passing the login details) and then setting up the login variable once you arrive back on the domain you started from.
We have a cross-domain authentication on a system that I work with - it is done with cookies and is a nightmare to work with - we looked at possible options for re-designing this and this is from memory the solution that seemed to be most common - mind you it was still cookie based I think but it should work with sessions too.
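The redirect handoff described in the answer above, as an added example that is not part of the original posts: instead of putting the login details themselves in the return URL, domain1 hands back a short-lived, single-use ticket signed with a key it shares with the requesting domain. The per-domain keys, function names, in-memory nonce store and 60-second lifetime are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: domain1 shares a separate secret with each relying domain.
SHARED_KEYS = {"www.domain2.com": secrets.token_bytes(32),
               "www.domain3.com": secrets.token_bytes(32)}
TICKET_TTL = 60        # seconds a ticket stays valid after the redirect
seen_nonces = set()    # constructed in-memory store; use shared storage in practice

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_ticket(user, audience, now=None):
    """Runs on domain1 once it finds its own session for the user."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": user, "aud": audience, "exp": now + TICKET_TTL,
                       "nonce": secrets.token_hex(16)}).encode()
    tag = hmac.new(SHARED_KEYS[audience], body, hashlib.sha256).digest()
    return b64e(body) + "." + b64e(tag)   # goes in the return URL's query string

def redeem_ticket(ticket, my_domain, now=None):
    """Runs on the domain the user came from; returns the user name or None."""
    now = time.time() if now is None else now
    try:
        body_part, tag_part = ticket.split(".")
        body, tag = b64d(body_part), b64d(tag_part)
    except (ValueError, TypeError):
        return None                        # malformed ticket
    expected = hmac.new(SHARED_KEYS[my_domain], body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                        # forged, altered, or meant for another domain
    claims = json.loads(body)
    if claims["aud"] != my_domain or claims["exp"] < now:
        return None                        # wrong audience or expired
    if claims["nonce"] in seen_nonces:
        return None                        # replayed, e.g. from history or a Referer header
    seen_nonces.add(claims["nonce"])
    return claims["sub"]                   # caller now sets its local session variable

if __name__ == "__main__":
    t = issue_ticket("alice", "www.domain2.com")
    print(redeem_ticket(t, "www.domain2.com"), redeem_ticket(t, "www.domain2.com"))
```

With cookies disabled, the session variable that each domain sets afterwards still needs a cookieless session identifier, so the ticket check does not remove the need to protect that identifier in URLs.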