0

I'm trying to wrap up a custom authentication system for internal use for a project I'm working on in MVC.

We currently have a partner that hosts an external site with forms authentication. Certain sections of this site redirect to a section on our internal site. Passed along with this redirection is an id and a session id. They provide a web service that we can then verify that this user is authenticated on the original site.

Is there a way to wrap this up into some sort of custom provider or authentication attribute in ASP.net? I would prefer to create something reusable to share with others working in my same environment.

Thanks!

EDIT The method of authentication is not something I'm looking to change. I'm just looking for the best way to wrap this up so it's reusable internally. I was initially thinking a custom membership provider, but it's not really a username/password type situation.

Improve this question

2 Answers 2

Reset to default
1

You can do a custom membership provider, even without a username and password. You just need to implement MembershipProvider. I would only actually put code in ValidateUser(string username, string password). Pass the user ID with the uaername string, and the session id with the password string... do the validation, and pass back true or false. You can add more features as you need to.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You could look at Single-Sign On (SSO) solutions that are designed for this, more particularly with SAML bindings, for example Shibboleth.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.