I am tasked with implementing single sign-on for our customers as part of our next release. The flow exists as follows:
Thus, there are two mechanisms by which a user can be authenticated into our site:
If our product's implementation is in ASP.NET (as opposed to Java/Ruby), should we be using CAS, JOSSO, or some other third party single sign-on product? Or is there something available to a .NET environment which would be simpler for us as a .NET company?
This question is related to
c#
asp.net
single-sign-on
UltimateSAML SSO is an OASIS SAML v1.x and v2.0 specifications compliant .NET toolkit. It offers an elegant and easy way to add support for Single Sign-On and Single-Logout SAML to your ASP.NET, ASP.NET MVC, ASP.NET Core, Desktop, and Service applications. The lightweight library helps you provide SSO access to cloud and intranet websites using a single credentials entry.
[disclaimer: I'm one of the contributors]
We built a very simple free/opensource component that adds SAML support for ASP.NET apps https://github.com/jitbit/AspNetSaml
Basically it's just one short C# file you can throw into your project (or install via Nuget) and use it with your app
I am late to the party, but for option #1, I would go with IdentityServer3(.NET 4.6 or below) or IdentityServer4 (compatible with Core) .
You can reuse your existing user store in your app and plug that to be IdentityServer's User Store. Then the clients must be pointed to your IdentityServer as the open id provider.
There are several Identity providers with SSO support out of the box, also third-party** products.
** The only problem with third party products is that they charge per user/month, and it can be quite expensive.
Some of the tools available and with APIs for .NET are:
If you decide to go with your own implementation, you could use the frameworks below categorized by programming language.
C#
Javascript
Python
I would go with IdentityServer4 and ASP.NET Core application, it's easy configurable and you can also add your own authentication provider. It uses OAuth/OpenID protocols which are newer than SAML 2.0 and WS-Federation.
Source: Stackoverflow.com