I have three types of application in my system...
1. Web application (browser-based)
2. Java application
3. C++/vb application
All logins will be handled by a login web service. Thus, if I log into the C++ application, it will access the login web service. If the user has been authenticated by logging into the C++ application, how can I allow the user to access the web application without having to sign in again (i.e. single sign-on across web applications and non-browser applications)?
I was thinking that I'll pass the workstation identification back to the server and the server will return something that indicates whether the user has been authenticated on this workstation already. But I am worried that this can be a security hole...
Any ideas will be welcomed.
thanks,