I recently implemented an enterprise portal web application in ASP.NET for a client. The main requirement for this portal was to have Single-Sign-On links to other intranet web applications.
After much debate, self-searching (sometimes soul searching..) I implemented an SSO mechanism which is technology independent and would work fine with pure HTML pages as well. No real ASP.NET stuff in there.
The good point is, I was able to SSO in the same way with intranet applications written in ColdFusion and Java alike.
The Project is over.. and I have moved on since then and working on another project, but somewhere in my subconscious mind, I am evaluating the best SSO implementation available in the .NET Framework. Lets assume that all the applications that we want to wire together are pure ASP.NET apps. No cross-technology in there.
What is the best way then to implement a fully functional SSO amongst various asp.net applications if the all authenticate individually against a central database of users?
Any inputs and suggestions are welcome.