Single SignOn with ASP.NET Membership and WebServices
I have begun planning for integrating several separate login systems under
one authentication server. We don’t want to use MS Passport or typekey (though this kerebos article looks nice) and some of the apps already use
the ASP.NET 2.0 Membership system. The Membership system can support multiple
sites, but the SqlMembershipProvider must have direct access to the SQL Server
providing authentication. Otherwise, you’re out of luck. So I thought it’d be
nice to create a MembershipProvider that talked to a WebService hooked up to a
SqlMembershipProvider. Here’s my setup:
Authentication Server Website
This is the central login
server. It uses the normal SqlMembershipProvider (it could actually use any
MemebershipProvider) and has a WebService called SingleSignOn.AuthenticationServer.MembershipService.
Authentication Client Website(s)
These sites use a
MembershipProvider I wrote called SingleSignOn.AuthenticationClient.WebServiceMembershipProvider. It
impliments all of the methods of MembershipBase and each method makes calls to
the MembershipService on the Authentication Server. Since the provider model is so awesome (thanks Rob) requires
absolutely no code changes other than adding the new
WebServiceMembershipProdiver to the web.config. Another Provider could be built
for Profile and MemberRole, but for now I just wanted Authentication.
There’s still a lot to do (some methods are still just stubs) to make it work
in a real world scenario (caching, https, WSE stuff, etc.). I also haven’t
decided what the best way to handle the ApplicationName or how I want to do server authentication.
As always, let me know if you’re interested in the code.