Single Sign-On with ASP.NET and Without Using Active Directory

 

Bill N. recently asked this one, here is some of the email:

"I'm working a problem at the office that requires we implement a means of logging in once to a web site and then enable SSO access to all other web apps on that site.  We also need to implement roles-based security.  We currently have a SQL Server database containing username/password information and roles information.  These are not people who are in AD, or are ever going to be in AD.  We're currently using a third-party portal solution and a little custom code in each web app for all of this; we're looking to separate authentication and authorization from the vendor(s)."

 

Here are some links to what I came up with but feel free to add to this if you have some insights:

 

https://aspalliance.com/1545_Understanding_Single_SignOn_in_ASPNET_20

https://blah.winsmarts.com/2006/05/19/aspnet-20-implementing-single-sign-on-sso-with-membership-api.aspx

https://johndyer.name/post/2005/12/Single-SignOn-with-ASPNET-Membership-and-WebServices.aspx