Single Sign On in ASP.NET

Question

Hi all,

I want to know about security issues of Single Sign On.

1. Single Sign On means - The user just have to type the URL in the address bar
e.g. http://1.2.3.4/abcd.aspx and hit "Enter".

2. The website directly redirects to the user account.

3. The website bypasses the Login page (login credentials).

------

Question-1.
How to implement this on existing website with 155 users?

Question-2.
If Single Sign On is implemented, is this not risky?
E.g., IF a user sits on others machine and hits the URL, he will be able to see the confidential data of others.
How to avoid this ?
------------------

Riddhi Valecha · Answer

Hi Munesh, I have already referred this link. Please explain the concept if you are aware of it..

Munesh Sharma · Answer

http://msdn.microsoft.com/en-us/library/dd577079.aspx

Riddhi Valecha · Answer

Hi... I referred these links. But, I am also able to view other people's data. I tried it in one of my dummy/test websites.... As far as my knowledge goes, Single Sign On takes the user who have logged in in Windows. i.e. Turn on the computer, press "CTRL+ALT+DELETE", open the IE browser, type the URL in the address bar, hit Enter. ---------------------- How to stop people from viewing others data using SSO?

Khan Abrar Ahmed · Answer

HI, for this you can enable the windows authentication in website virtual directory and enable the windows authentication in web.config file. refer the below link. http://msdn.microsoft.com/en-us/library/dd577079.aspx http://www.codeproject.com/Articles/429166/Basics-of-Single-Sign-on-SSO http://blogs.msdn.com/b/webdev/archive/2012/09/12/integrate-openauth-openid-with-your-existing-asp-net-application-using-universal-providers.aspx