
I have Thinktecture IdentityServer set up and I have two trusted client applications, a WinForms app and a Web application, and I want to implement SSO between them.

The user will first open the desktop application which has a login page that authenticates with the identity server.

The desktop application will include some generated web links which, when clicked, open a new browser window to a secured area of the Web application that requires authentication. However, upon clicking these links I don't want the user to have to log in again, as they have already authenticated once via the desktop application.

I'm struggling to see which of the flows can achieve this.

What mechanisms, if any, are provided by OpenID Connect or Thinktecture IdentityServer that can facilitate this process?

Matt B
  • Did you find a solution? – Alf Kåre Lefdal Jul 20 '15 at 16:38
  • Not one that we were fully comfortable with. None of the OAuth flows covered this scenario, so in the end we created a custom solution where the Windows application requested a one-use GUID token with a TTL of 10 seconds. That token could then be passed in the query string to the browser application, and after validating the token we would authenticate the user. As our software is only installed on internal closed networks, we felt this was an acceptable solution. – Matt B Nov 02 '15 at 16:01
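
The one-use, short-lived token handoff described in the comment above, sketched in C# as an added example (not code from the post or from IdentityServer). The class and method names are hypothetical, and a 128-bit value from the system CSPRNG stands in for the GUID as an assumption of this example.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical server-side store for one-use handoff tokens (illustrative names).
public sealed class HandoffTokenStore
{
    private readonly ConcurrentDictionary<string, (string UserId, DateTimeOffset Expires)> _tokens = new();
    private readonly TimeSpan _ttl;
    private readonly Func<DateTimeOffset> _now;   // injectable clock so expiry can be exercised

    public HandoffTokenStore(TimeSpan ttl, Func<DateTimeOffset> now = null)
    {
        _ttl = ttl;
        _now = now ?? (() => DateTimeOffset.UtcNow);
    }

    // Called for the already-authenticated desktop client just before it opens the browser.
    public string Issue(string userId)
    {
        var bytes = new byte[16];   // 128 bits, the same size as a GUID
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var token = BitConverter.ToString(bytes).Replace("-", "");
        _tokens[token] = (userId, _now() + _ttl);
        return token;
    }

    // Called by the web application when the link arrives with the token.
    public bool TryRedeem(string token, out string userId)
    {
        userId = null;
        // TryRemove is atomic: of two concurrent requests with the same token, only one succeeds.
        if (token == null || !_tokens.TryRemove(token, out var entry)) return false;
        if (_now() > entry.Expires) return false;   // expired: already removed, so it stays dead
        userId = entry.UserId;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var clock = DateTimeOffset.UtcNow;   // constructed clock for the demonstration
        var store = new HandoffTokenStore(TimeSpan.FromSeconds(10), () => clock);
        var first = store.Issue("alice");    // constructed user id
        Console.WriteLine(store.TryRedeem(first, out var user) + " " + user);
        Console.WriteLine(store.TryRedeem(first, out _));    // replay of a used token
        var second = store.Issue("alice");
        clock = clock.AddSeconds(11);                        // past the 10-second TTL
        Console.WriteLine(store.TryRedeem(second, out _));
    }
}
```

Tokens that are issued but never redeemed stay in the dictionary until purged, so a real store needs periodic cleanup. Because query strings end up in browser history and server logs, the web application should establish its own session on redemption and redirect to a URL without the token.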

1 Answer

There aren't any out-of-the-box mechanisms, as the SSO is achieved by setting the cookies in the user agent (UA). So, if the user authenticates in a webview in your WinForms app and then it launches the browser like this

    System.Diagnostics.Process.Start("http://www.website.com");

in order to open the web app, it obviously won't work because it's not the same UA.

Nevertheless, if you use the same webview to open your web app you can achieve this.

user2457870