I am a bit stuck working out where to go next with some development work. I am hoping to find some guidance here.

I have a DNN 4 site and a Classic ASP membership management system (MMS), both running under the same domain. Users will log into the MMS, and I would like them to be automatically logged into DNN at the same time.

So far, I have the creation of DNN users working. When users log into the MMS, a web service sends the user details to DNN, and that service then creates or updates that user, resets their password, puts them into the relevant roles etc. The tricky part is logging them in.

My current idea, is for the web service to create a temporary password for that user (single-use, with a limited lifetime of perhaps a minute). The password would be stored in the DNN database, and also returned to the ASP MMS through the web service. That password would then get passed back to the user's browser as a cookie. The next time that user visits the DNN site (which should be almost immidately after logging in) I would like something in that site to recognise the cookie, look the value up in the database, if it matches log the user in immediately, and then continue. The cookie and password is then destroyed, since it is on no further use.

Now, that all seems like a straightforward solution to me, and one that I would guess would involve a couple of dozen lines of code at most. However, I cannot work out exactly where that code needs to go. I just don't know where to start.

I am not familiar with ASP.net, and I don't have a working VS environment (I just couldn't get it to work with DNN), so I am coming at this with not much more than a text editor.

Any help glady received. Remember the ultimate solution I am looking for, is that when a user logs into an independant ASP application that happens to be on the same domain, they should be automatically created and logged into the DNN application. I have the 'created' part working.

-- Jason

Since I cannot edit posts, I'll just reply to myself ;-) This is what I have come up with, after some research, which I hope will be useful to others.

The following script, if placed in the root folder (e.g. Auth.aspx) will log any user in without knowing their password, and then send them to any given page. As part of a single-signon system, this would be the final stage. It just remains for me to pass these user credentials to this entry-point (direct from application to application, giving the browser a temporary ticket of some kind - a GET parameter or a cookie) and the single-signon should be complete.

Thanks for the help, which I eventually found through this forum and links to other forums.

-- Jason

--- Auth.aspx ---

<%@ Page %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="DotNetNuke" %>
<script runat="server" language="vb">
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs)

' Derive all these values from the cookie (preferably values left in a table
' by the original web service that created the user, so they do not need to
' go via the user browser.

' The portal we want to log into.
Dim intPortalID As Integer = 0
' The username we want to log in as.
Dim strUserName As String = "my_user_name"
' The page we want to go to after logging in.
Dim intTabId As Integer = 73

Dim objUser As UserInfo
Dim objUserController As New UserController
objUser = objUserController.GetUserByName(intPortalID, strUserName)
' Is the IP address (parameter 4) required?
objUserController.UserLogin(intPortalID, objUser, "DNN", "", True)
' Not sure if the cookie needs to be set like this?
'formsAuthentication.SetAuthCookie(ObjUser.userId.ToString(), False)
Response.Redirect("Default.aspx?TabId=" & intTabId.ToString())

End Sub
</script>