I have three types of application in my system... 1. Web application (browser-based) 2. Java application 3. C++/vb application All log in will be handle by a login web service. Thus, if I log into the C++ application, it will access the login web service. If the user has been authenticated by logging into the C++ application, how can I allow the user to access the web application without having to sign in again (i.e. single sign-on across web applications and non-browser applications). I was thinking that I'll pass the workstation identification back to the server and the server will return something that indicates whether the user has been authenticated on this workstation already. But I am worried that this can be a security hole... Any ideas will be welcomed. thanks,
One best option is to use SAML and OpenSAML libraries. Google is doing the same for its apps.
Once you will login from your any application then a key will be set and if you tried to access another application it will allow you to access because of that key.