I have Thinktecture IdentityServer set up and I have two trusted client applications, a WinForms app and a Web application, and I want to implement SSO between them both.
The user will first open the desktop application which has a login page that authenticates with the identity server.
The desktop application will include some generated web links which, when clicked, open a new browser window to a secured area of the Web application that requires authentication. However, upon clicking these links I don't want the user to have to log in again, as they have already authenticated once via the desktop application.
I'm struggling to see which of the flows can achieve this.
What mechanisms, if any, are provided by OpenID Connect or Thinktecture IdentityServer that can facilitate this process?
There aren't any out-of-the-box mechanisms, as the SSO is achieved by setting the cookies in the user agent (UA). So, if the user authenticates in a webview in your WinForms app and then it launches the browser like this:
    System.Diagnostics.Process.Start("http://www.website.com");
in order to open the web app, it obviously won't work because it's not the same UA.
Nevertheless, if you use the same webview to open your web app you can achieve this.
Source: https://stackoverflow.com/questions/28903996/openid-connect-using-identityserver-for-sso-between-winforms-and-web-applicati
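
The answer's point that the sign-in session lives in one user agent's cookie store, shown as an added illustration (not code from the question, the answer or IdentityServer itself). Two `System.Net.CookieContainer` instances stand in for the embedded webview and the system browser; the provider, its URL, the client names and the `idp_session` cookie name are constructed stand-ins.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

static class SsoCookieDemo
{
    // Hypothetical identity provider endpoint and in-memory session store (constructed).
    static readonly Uri Idp = new Uri("https://idsrv.example/connect/authorize");
    static readonly HashSet<string> Sessions = new HashSet<string>();

    // Mock authorize endpoint: a request counts as "already signed in" only if the
    // calling user agent sends back a session cookie the provider issued earlier.
    static string Authorize(CookieContainer userAgent, string clientId, bool userEntersCredentials)
    {
        string cookieHeader = userAgent.GetCookieHeader(Idp); // what this UA would send
        foreach (string part in cookieHeader.Split(new[] { "; " }, StringSplitOptions.RemoveEmptyEntries))
        {
            string[] kv = part.Split(new[] { '=' }, 2);
            if (kv.Length == 2 && kv[0] == "idp_session" && Sessions.Contains(kv[1]))
                return clientId + ": SSO, no login prompt";
        }
        if (!userEntersCredentials)
            return clientId + ": login page shown";

        // Interactive login succeeded: the session cookie goes to THIS user agent only.
        string sid = Guid.NewGuid().ToString("N");
        Sessions.Add(sid);
        userAgent.SetCookies(Idp, "idp_session=" + sid + "; Path=/; Secure; HttpOnly");
        return clientId + ": logged in interactively";
    }

    static void Main()
    {
        var webView = new CookieContainer();       // embedded browser inside the WinForms app
        var systemBrowser = new CookieContainer(); // separate UA opened by Process.Start(url)

        // 1. The user signs in once, inside the desktop app's webview.
        Console.WriteLine(Authorize(webView, "winforms", true));
        // 2. A link opened in the system browser reaches the provider with an empty cookie jar.
        Console.WriteLine(Authorize(systemBrowser, "webapp", false));
        // 3. The same link opened in the webview carries the session cookie.
        Console.WriteLine(Authorize(webView, "webapp", false));
    }
}
```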