Hello all.
Here's the scenario: one of our clients has about 60 applications (and is in the process of creating some new ones), all in the same domain, and he wants to integrate authentication for all. So the basic requirement is to create (setup?) an "authentication service" that would allow a user to sign on only to the first application. Of course this sounds as an SSO implementation, with the exception that we don't need to worry about multiple domains.
All authentication is for external users, so they don't need to integrate with AD (it's all Forms authentication). They do requiere to use a challenge/response mechanism for authentication, beacuse of a norm they have to compile to.
I've never actually done an implementation of something like this. I've used ASP.NET Identity in the past, but never to "integrate" several applications and share user information amongst them. I've looked into concepts like ADFS, Identity Server, STS, but I'm not sure on what approach I should take here.
Any suggestions? Is it worth building something from scratch? Thanks a lot for your help.