
Monday, July 30, 2007

Gang of Four Design Patterns

If you are looking for a reference on implementing design patterns in .NET, I recommend visiting www.dofactory.com. I found the samples on the site very informative, since they provide simple code that helps you understand what a particular pattern is for. They provide two sets of sample code, one structural and one for real-world implementation, and the code is available in C# or VB.NET. A UML diagram of each pattern is also available for those who love to draw squares and arrows. They also have a framework in which these patterns are implemented; they call it the Design Pattern Framework. The book really comes in handy for developers who are involved in designing software.

Thursday, July 26, 2007

ASP.NET: Single Sign-On using Forms Authentication

Lately I have been asked to implement SSO on all upcoming web applications in a division of my company. As the name implies, the user logs in only once and can then jump from one application to another without being prompted for a username and password. With ASP.NET Forms Authentication, each application generates an authentication ticket, and using this ticket for SSO is easier since the framework takes care of a lot of things for us.

Here are the steps to implement SSO.

1. Override the Machine key validation and decryption key.

By default, each application's authentication ticket is generated using a different validation and decryption key. Since we need a single ticket for all the applications, every application under SSO must use the same keys. We can specify the keys by adding the following entry to each application's web.config. The values below are sample values only: generate your own random keys and keep them secret, because anyone who holds them can forge a ticket that every application sharing them will accept.

<machineKey validationKey="1555CBC4DE7791EA223E"
decryptionKey="D1CB403BD1EE413909EF" validation="SHA1" />

2. Have the same forms name in your forms authentication entry.

Each application has to point to the same authentication ticket. To do this, we just need to use the same forms name in every application. This assumes you will be implementing a parent-child virtual directory setup on your IIS.

<authentication mode="Forms">
<forms name=".SSOAuth" protection="All" timeout="60" loginUrl="login.aspx"/>
</authentication>


Take note that the way you deploy your applications on your IIS server affects whether they can see the authentication ticket. Since the authentication ticket is cookie-based, you just need to specify the same location for the cookie so that the SSO applications can share the same ticket.
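
A quick way to confirm that the steps above were applied consistently is to compare the relevant web.config values across the applications. The script below is an added example, not part of the original post: the application names and key values are constructed placeholders, and it assumes each web.config is available as text.

```python
import string
import xml.etree.ElementTree as ET

SHARED = ("validationKey", "decryptionKey", "validation", "name", "path", "protection")

def sso_settings(xml_text):
    """Pull out the web.config values that must match for a shared ticket."""
    root = ET.fromstring(xml_text)
    mk = next(root.iter("machineKey"), None)
    forms = next(root.iter("forms"), None)
    mk = mk.attrib if mk is not None else {}
    forms = forms.attrib if forms is not None else {}
    return {
        "validationKey": mk.get("validationKey", "AutoGenerate"),
        "decryptionKey": mk.get("decryptionKey", "AutoGenerate"),
        "validation": mk.get("validation", "(default)"),
        "name": forms.get("name", ".ASPXAUTH"),   # ASP.NET default cookie name
        "path": forms.get("path", "/"),           # ASP.NET default cookie path
        "protection": forms.get("protection", "All"),
    }

def audit(configs):
    """configs maps app name -> web.config text; returns a list of findings."""
    parsed = {app: sso_settings(text) for app, text in configs.items()}
    findings = []
    for app, s in parsed.items():
        for key in ("validationKey", "decryptionKey"):
            if s[key].startswith("AutoGenerate"):
                findings.append(f"{app}: {key} is auto-generated per application")
            elif not s[key] or any(c not in string.hexdigits for c in s[key]):
                findings.append(f"{app}: {key} is not a clean hex string")
    for field in SHARED:  # key values are compared but never printed
        if len({s[field] for s in parsed.values()}) > 1:
            findings.append(f"{field} differs between applications")
    return findings

# Constructed sample input: placeholder keys, hypothetical application names.
TEMPLATE = """<configuration><system.web>
  <machineKey validationKey="{vk}" decryptionKey="{dk}" validation="SHA1" />
  <authentication mode="Forms">
    <forms name="{name}" protection="All" timeout="60" loginUrl="login.aspx" path="/" />
  </authentication>
</system.web></configuration>"""
VK, DK = "AB" * 20, "CD" * 24
SAMPLE = {
    "parent": TEMPLATE.format(vk=VK, dk=DK, name=".SSOAuth"),
    "child-ok": TEMPLATE.format(vk=VK, dk=DK, name=".SSOAuth"),
    "child-bad": TEMPLATE.format(vk=VK, dk=" " + DK, name=".ChildAuth"),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The third sample application has a stray space inside its decryptionKey and a different forms name, the two slips most likely to make a ticket issued by one application unreadable in another.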