Hi all,

I'm looking to implement a single sign on solution for .NET applications.
This single sign on solution will need to work against a variety of back-
end databases (i.e. SQL (mainly), Active Directory (some), Custom Data
Sources (XML, MDB, Custom Web Service, etc).

Is there any sample code on implementing a simple single sign on service?

The app would need:

-Log in Users from the web, desktop clients, custom applications, etc.
-Have granular permissions
-Be compatible with other web services, desktop apps, and remoting
(basically any sort of client/server)
-Have the ability to add trusted sites (i.e. servers, viewer consoles,
etc)
-Work with .NET 1.1 (most of our apps are still 1.1)

I was thinking of doing the following:

1. Build a security web service
2. Users would log into a web service to retrieve a token
3. Once a token is retrieve, it is used for all future communications
4. Applications check security against the security service via the Token
i.e.: CheckPermission(ByVal Token as GUID, ByVal Permission as String) as
Boolean
5. The Web Service would manage a list of valid tokens (time outs,
errors, etc)

Ecryption would be done primarily on the transport layer - but the token
could be encrypted too.

What do you guys think about this solution? It's simple... However, how
do you handled "trusted" sources?

Even better would be for me to find something that was prebuilt :-)

The technology you're looking for is called GSSAPI. In Windows land it's
often shortened to "SSPI".

If you're doing this in .Net, you're going to be stuck writing Mixed Mode
C++. There's no way to do everything you need to do in C#, as it's all
dynamic DLL Loading, and structures full of function pointers.

There is all sorts of sample documentation on the Platform Sdk. The gist of
it is going to be:
- Use LoadLibrary to load Security.dll
- Lookup the address for InitSecurityInterfaceW to get the list address to
call to find out more information
- Call this method to get the structure full of function pointers to use
- Call the QuerySecurityPackageInfo function pointer method
- Call: AcquireCredentialsHandle, AcceptSecurityContext and
CompleteAuthToken to log users in.

In general, it was a pain in the butt to implement, but our users really
like having Windows based Single-Sign on.

@TK2MSFTNGP06.phx.gbl:

I've been doing a bit more research... how about the new AzMan stuff in
Windows 2003 / 2000 SP4? Do you think that would suffice for a single-sign
on solution?

Combining a date value with a time value
rotating image
vbCrLf
Get value from nested class using reflection
Want to know the power-2 based numbers of x
Program Flow
String Comparision
error
Binding a Text Box
ASP.NET 2.0 won't let me put my user controls in the same directory as Web.config