Question 87595 in ASP.NET Question posted in
The official documentation can be found here.

SSO for cross domain – Asp.net

I have two domains

Example :
a.com and b.com

I try to implement SSO Cross-domain authentication for these two websites

I refer to this link reference How youtube gets logged in to gmail account without getting redirected? to implement like Gmail and YouTube

I have doubt about that

  1. How to send tokens from one domain to another domain using iframe

  2. How to pass tokens in a secure way

  3. If I use an intermediate domain how to prevent that domain call for accessing cookies value I want to set the cookies in the second domain

Please help me to implement I searched but the sample code is not available in asp.net

Tags:

2

Answers


  1. 0

    have you tried this method?
    Using Reverse Proxy
    As @David suggested, use a reverse proxy like Nginx or HAPorxy to serve both the applications from the same domain – protocol://host:port. All three things should be equal.

    Using cookies instead of LocalStorage
    If you use cookies instead of LocalStorage, then host ports do not participate in determining site policy. So two application running on the same host but the different port will share cookie without any extra work. To protect the cookie, use an HTTP-only cookie, same-site cookie.

    Using URL to share – IFrame only
    If you are using iFrame, then you can use URL to share the token. When the outer window is loading the iFrame, send this information via hash like http://localhost:8081/somepage#token=1234

    Using hash will allow the page to send data to an inner page without being sent over the wire.

    Using window.postMessage – IFrame only
    Using window.postMessage, you can simply pass the required data to the inner window/iFrame. As long as you control both the endpoints, you can easily do cross-domain message sending.

    In the end, it really depends on your security requirements, ease-of-maintenance, etc.

    Login or Signup to reply.
  2. 0

    The best of this is using oAuth https://oauth.net/ provides a comprehensive definition of this.

    There are many open-source implementations of oAuth consumer and server available.

    The concept is that a third URL will authenticate and maintain the primary session and pass tokens via URL on redirect. The consumers can utilize tokens to request the server for details directly.

    Overall benifit is that you will get implementations via open-source communities in a language of your choice, and you will be able to utilise third-party logins. There are other standards you can look into as well are SAML , OpenID and LDAP and products like shibbobleth,CAS and Azure AD.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search