DotNetOpenAuth SSO sample behavior

46 views
Skip to first unread message

Joao Leme

unread,
Apr 28, 2012, 9:14:49 PM4/28/12
to dotnet...@googlegroups.com

On the OpenIdWebRingSso samples (PR (provider) and RP (relying party) - 3.5.0.10357) if I Logout on the PR it doesn't log me out on the RP (on the next page request).

Also, the PR always redirects to login (asking for Username and Password) when user is not authenticated. What I need when browsing a page on the RP that does not require authentication is a request just to check if the user is authenticated. If so, log the user on the RP (that part is fine) but if not, just return a response that the user is not authenticated, without asking to log in (unless I do click on the logIn button or try a access a [Authorize] page). UPDATE: Got that part resolved with "request.Mode = 0;"

So what I need on the RP is to check on every page request weather it is authenticated or not against the PR and only ask for password when necessary. So the questions are:

1) Can I find this code on the samples or other reference?

2) If not, what's the best place to put it on a MVC3 app: - httpModule? - on a base controler and override void Initialize? - OnActionExecuting (ActionFilterAttribute)? - somewhere else?

3) Is this approach correct for SSO (I have 5 different sites/domains for one company)?

Thanks in advance!

Reply all
Reply to author
Forward
0 new messages