posted 19 years ago
Single SignOn .....
HTTP is a stateless protocol, so after the user logs in, the user information will be lost in the next request. The user would then be asked to log in again and again. To overcome this, the user information is passed in the HTTP header automatically, so the user only has to log in once. This is one side of Single SignOn.
With the development of internet applications, more and more internet applications are integrated together. Suppose a user A sends a request to application server B and application server B delegates the request to application server C. The user has logged in on the server A but has not logged in on server C. The server B can pass the user credential to server C. Then the user A does not have to log in on server C again. This is another side of Single SignOn.
The requirement you have might not have been solved. I might be wrong on this because I am not an expert. Only the operating system knows everything. The browser does not have the user password information. The browser might be able to get user credential information from the OS. However, if the application server simply accepts the credential information sent by a browser, there could be a security hole. A malicious browser can forge the credential to do something.....
One workaround for your requirement might be using client certification.
Thanks
Lin
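The forged-credential concern in the post above, as an added example that is not part of the original post: a downstream server that believes a user-name header, beside one that only accepts an identity assertion signed by the upstream server. The header names, the shared key and the token layout are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import time

# Assumption: servers B and C share this key out of band (constructed demo value).
SHARED_KEY = b"constructed-demo-key-not-for-production"


def naive_identity(headers):
    """Weak form: server C believes whatever user name the request carries."""
    return headers.get("X-Remote-User")


def issue_assertion(user, key=SHARED_KEY, ttl=60, now=None):
    """Server B, after authenticating the user, signs 'user|expiry' for server C."""
    expiry = int((now if now is not None else time.time()) + ttl)
    payload = f"{user}|{expiry}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def verified_identity(headers, key=SHARED_KEY, now=None):
    """Server C: return the user only if the tag verifies and has not expired."""
    token = headers.get("X-Identity-Assertion", "")
    try:
        p64, t64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
        user, expiry = payload.decode().rsplit("|", 1)
        expiry = int(expiry)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed or missing token
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None  # not signed with the shared key
    if (now if now is not None else time.time()) > expiry:
        return None  # stale assertion
    return user
```

The short lifetime limits how long a captured assertion stays usable; the client-certificate route mentioned in the post authenticates the caller at the TLS layer instead of with a shared key.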