I have two domain

Example : a.com and b.com

I try to implement SSO Cross domain authentiction for these two website

I refer this link reference How youtube gets logged in to gmail account without getting redirected? to implement like gmail and youtube

I have doubt on that

1. How to send token from one domain to another domain using iframe

2. How to pass token in secure way

3. If i use intermediate domain how to prevent that domain call for accessing cookies value i want to set the cookies in second domain

Please help me to implement i searched but the sample code is not available in asp.net

CodePudding user response：

have you tried this method? Using Reverse Proxy As @David suggested, use a reverse proxy like Nginx or HAPorxy to serve both the applications from the same domain - protocol://host:port. All three things should be equal.

Using cookies instead of LocalStorage If you use cookies instead of LocalStorage, then host ports do not participate in determining site policy. So two application running on the same host but the different port will share cookie without any extra work. To protect the cookie, use an HTTP-only cookie, same-site cookie.

Using URL to share - IFrame only If you are using iFrame, then you can use URL to share the token. When the outer window is loading the iFrame, send this information via hash like http://localhost:8081/somepage#token=1234

Using hash will allow the page to send data to an inner page without being sent over the wire.

Using window.postMessage - IFrame only Using window.postMessage, you can simply pass the required data to the inner window/iFrame. As long as you control both the endpoints, you can easily do cross-domain message sending.

In the end, it really depends on your security requirements, ease-of-maintenance, etc.

CodePudding user response：

The best of this is using oAuth https://oauth.net/ provides a comprehensive definition of this.

There are many open-source implementations of oAuth consumer and server available.

The concept is that a third URL will authenticate and maintain the primary session and pass tokens via URL on redirect. The consumers can utilize tokens to request the server for details directly.

Overall benifit is that you will get implementations via open-source communities in a language of your choice, and you will be able to utilise third-party logins. There are other standards you can look into as well are SAML , OpenID and LDAP and products like shibbobleth,CAS and Azure AD.