Webservice instead of Redirects
44 views
Skip to first unread message
Joao Leme
May 1, 2012, 2:25:36 PM5/1/12
to dotnet...@googlegroups.com
Could we use webservices instead of redirects for SSO multiples sites with different domain? Any sample code? Thanks!
Andrew Arnott
May 1, 2012, 7:46:49 PM5/1/12
to dotnet...@googlegroups.com
I don't think so. Redirects allow the browser to send the request to the server, which will include any relevant authentication cookies. An arbitrary server-to-server request wouldn't include those cookies.
On Tuesday, May 1, 2012, Joao Leme wrote:
--
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
On Tuesday, May 1, 2012, Joao Leme wrote:
Could we use webservices instead of redirects for SSO multiples sites with different domain? Any sample code? Thanks!
--
You received this message because you are subscribed to the Google Groups "DotNetOpenAuth" group.
To view this discussion on the web visit https://groups.google.com/d/msg/dotnetopenid/-/tf2xdZjYV7EJ.
To post to this group, send email to dotnet...@googlegroups.com.
To unsubscribe from this group, send email to dotnetopenid...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dotnetopenid?hl=en.
--
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
Joao Leme
May 1, 2012, 8:23:49 PM5/1/12
to dotnet...@googlegroups.com
Thanks Andrew, it does make sense now. What about using an iframe for the redirects? Would that easy the loading time? I was thinking about having the RP checking on every request with the provider if there was a change on the login status.
Thanks in advance!
On Tuesday, May 1, 2012 8:46:49 PM UTC-3, Andrew Arnott wrote:
Thanks in advance!
On Tuesday, May 1, 2012 8:46:49 PM UTC-3, Andrew Arnott wrote:
I don't think so. Redirects allow the browser to send the request to the server, which will include any relevant authentication cookies. An arbitrary server-to-server request wouldn't include those cookies.
On Tuesday, May 1, 2012, Joao Leme wrote:
Could we use webservices instead of redirects for SSO multiples sites with different domain? Any sample code? Thanks! --
You received this message because you are subscribed to the Google Groups "DotNetOpenAuth" group.
To view this discussion on the web visit https://groups.google.com/d/msg/dotnetopenid/-/tf2xdZjYV7EJ.
To post to this group, send email to dotnet...@googlegroups.com.
To unsubscribe from this group, send email to dotnetopenid+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dotnetopenid?hl=en.
Andrew Arnott
May 1, 2012, 8:34:55 PM5/1/12
to dotnet...@googlegroups.com
Yes, iframes can be used (with OpenID in immediate mode). But the HTML/JS required to do so is mostly left as an exercise to the reader. There are some ASP.NET controls (if you're using web forms) or samples that may help you (nerddinner.com) in this area. They don't do what you're trying to do, but they demonstrate some common iframe and js patterns for openid that may assist you.
On Tuesday, May 1, 2012, Joao Leme wrote:
On Tuesday, May 1, 2012, Joao Leme wrote:
Thanks Andrew, it does make sense now. What about using an iframe for the redirects? Would that easy the loading time? I was thinking about having the RP checking on every request with the provider if there was a change on the login status.
Thanks in advance!--
On Tuesday, May 1, 2012 8:46:49 PM UTC-3, Andrew Arnott wrote:I don't think so. Redirects allow the browser to send the request to the server, which will include any relevant authentication cookies. An arbitrary server-to-server request wouldn't include those cookies.
On Tuesday, May 1, 2012, Joao Leme wrote:Could we use webservices instead of redirects for SSO multiples sites with different domain? Any sample code? Thanks! --
You received this message because you are subscribed to the Google Groups "DotNetOpenAuth" group.
To view this discussion on the web visit https://groups.google.com/d/msg/dotnetopenid/-/tf2xdZjYV7EJ.
To post to this group, send email to dotnet...@googlegroups.com.
To unsubscribe from this group, send email to dotnetopenid+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dotnetopenid?hl=en.
--
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
You received this message because you are subscribed to the Google Groups "DotNetOpenAuth" group.
To view this discussion on the web visit https://groups.google.com/d/msg/dotnetopenid/-/nfOPFTtelXUJ.
To post to this group, send email to dotnet...@googlegroups.com.
To unsubscribe from this group, send email to dotnetopenid...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dotnetopenid?hl=en.
Reply all
Reply to author
Forward
0 new messages