SSO and IIS

Quote: Hi All, I was interested in implementing a single sign on solution for my web applications. I wanted to use Kerberos, but I heard it was not easily compatible for web applications. All my applications run off of IIS, so it is a little harder finding resources. If you could point a way, I would definitely appreciate it. Thanks

One way to achieve this is through a database. If you are not using a database you could use a sign on application. All methods may depend on how much security you want. Also have a look at this article:
Understanding Single Sign-On in ASP.NET 2.0

Quote: One way to achieve this is through a database. If you are not using a database you could use a sign on application. All methods may depend on how much security you want. Also have a look at this article: Understanding Single Sign-On in ASP.NET 2.0

Thanks kenobewan

If I wanted to maximize security (ie: construct rules for passwords, have password change every 90 days, etc) how would I do it?

Also, when you say a sign on application, do you mean open source like cosign or pubcookie, etc?

Thanks for the response.

Quote: Thanks kenobewan If I wanted to maximize security (ie: construct rules for passwords, have password change every 90 days, etc) how would I do it? Also, when you say a sign on application, do you mean open source like cosign or pubcookie, etc? Thanks for the response.

I can't design a secure system for you, but these are the reasons that you could use a sign on application rather than dealing with sign on directly through each application.

The most secure systems have no restricted data/ files on them. However, for those that need to protect data while making it available to a few, the next best thing may be two systems. If there is no public system then you obviously need only a secure system.

As the system architect it is up to you to design the system or use third party applications.