All geek questions in one place

Can SiteB restrict access to authenticated users on Site A only? How?

Recently, I was asked to evaluate the part of the work that will provide functions for authenticated users to access our site. The fact is that the user must authenticate on another site and in the domain on which we host.

The user authenticates to SiteA.com and is provided with a link to our SiteB website. Only authenticated SiteA users are allowed access to SiteB.com.

I don’t know what kind of authentication system SiteA uses, but I thought I would ask the community to give some initial thoughts. Is it possible? What do i need to consider?

thank

+3
source share
1 answer

Single sign-on is possible using Form Authentication . Here are the steps:

  • Configure both sites for forms authentication and configure the same machine keys (this is important for step 4).
  • The user authenticates to SiteA.com, and a cookie is issued for him on this site.
  • Create a link to SiteA, which will be a POST form containing the authentication cookie value in a hidden field, to a page on SiteB.com that does not require authentication (make sure that you publish only via HTTPS).
  • The page on SiteB.com reads the value of the placed token, decrypts it and issues a cookie for SiteB.com authentication using FormsAuthentication.GetAuthCookie
  • SiteB.com
+2

Source: https://habr.com/ru/post/1741572/

More articles:


All Articles