C# ASP.NET Single Sign-On Implementation

I am tasked with implementing single sign-on for our customers as part of our next release. The flow exists as follows:

  1. User logs into their school's main portal system using a student id/password provided to him/her by the school.
  2. User clicks the link to my company's product.
  3. User is automatically taken to the dashboard page as if they had just logged in through the login form on our site.

Thus, there are two mechanisms by which a user can be authenticated into our site:

  1. Coming to our product's home page, and logging in using the email/password that we store in our local system.
  2. Using the single sign-on where the student has already logged into the school's main system with a student id and password.

If our product's implementation is in ASP.NET (as opposed to Java/Ruby), should we be using CAS, JOSSO, or some other third party single sign-on product? Or is there something available to a .NET environment which would be simpler for us as a .NET company?


There are multiple options to implement SSO for a .NET application.

Check out the following tutorials online:

Basics of Single Sign on, July 2012

http://www.codeproject.com/Articles/429166/Basics-of-Single-Sign-on-SSO

GaryMcAllisterOnline: ASP.NET MVC 4, ADFS 2.0 and 3rd party STS integration (IdentityServer2), Jan 2013

http://garymcallisteronline.blogspot.com/2013/01/aspnet-mvc-4-adfs-20-and-3rd-party-sts.html

The first one uses ASP.NET Web Forms, while the second one uses ASP.NET MVC4.

If your requirements allow you to use a third-party solution, also consider OpenID. There's an open source library called DotNetOpenAuth.

For further information, read MSDN blog post Integrate OpenAuth/OpenID with your existing ASP.NET application using Universal Providers.

Hope this helps!


I am late to the party, but for option #1, I would go with IdentityServer3(.NET 4.6 or below) or IdentityServer4 (compatible with Core) .

You can reuse your existing user store in your app and plug that to be IdentityServer's User Store. Then the clients must be pointed to your IdentityServer as the open id provider.