There are 2 websites, Website A and Website B. Website A is built on C# ASP.NET MVC (Sitefinity CMS). Website B is built on Moodle CMS. They're both on separate domains / servers. The user accounts/credentials for both websites are different. I want to use Active Directory to authenticate the users on the Moodle website. I already have a login on the Sitefinity site, but I want to add a custom login widget that you log in to and it redirects you to the external site already logged in (the Moodle site).
Basically my question is, is the above scenario possible to do, and is it practical/secure? I'm looking at JSON Web Tokens, and wondering if this is something that could be used? https://jwt.io/
If possible, how would I go about implementing this? Thank you!
You may have a couple of different options here.
Something that might be an option and would more closely match the flow you described would be to configure Moodle to use OpenID Connect as an authentication method, and have it use IdentityServer, which is integrated with Sitefinity, as the STS. I can't say for sure whether this would work, but it should: www.progress.com/.../for-developers-use-sitefinity-cms-as-external-identity-provider This option also would not require any additional pieces of software except for the OpenID Connect authentication module in Moodle.
One solution that I know works is Active Directory Federation Services (ADFS). This is a separate service that handles authentication for your organization, and then is able to pass the logged-in user seamlessly to Sitefinity or Moodle. Essentially, when a user attempts to log in to either system, they would be redirected to ADFS, which would then validate their credentials against Active Directory. Once logged in, the user would be redirected back and automatically logged in to the respective site. Logging in to one would allow them to access the other site without needing to log in again. It does require licensing/installing/managing another piece of software within your organization, so I'm not sure if this is feasible for you. If your organization has the potential for needing to do Single Sign-On for more than just the two sites, I would give this option some serious thought.
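
An added example, not part of the original question or answer: whichever option is chosen, the site receiving the user (Moodle here) has to validate any signed token before logging them in, and this Python code shows those checks for a JWT. It uses HS256 with a shared secret to stay self-contained, whereas OpenID Connect providers normally sign with an asymmetric algorithm such as RS256. The secret, the two URLs and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed values for illustration; none come from the original thread.
SECRET = b"constructed-shared-secret-change-me"
ISSUER = "https://site-a.example"      # hypothetical Sitefinity-side issuer
AUDIENCE = "https://site-b.example"    # hypothetical Moodle-side audience

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(sub, ttl=60, now=None, aud=AUDIENCE, alg="HS256", key=SECRET):
    """Issuer side: sign a short-lived token for the user being handed over."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "aud": aud, "sub": sub, "iat": now, "exp": now + ttl}
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64e(sig)}"

def verify(token, now=None, key=SECRET):
    """Receiving side: return the claims, or raise ValueError."""
    now = int(time.time() if now is None else now)
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64d(header_b64))
        sig = b64d(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token's own header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body_b64))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims
```

Because the token travels in a browser redirect, keep its lifetime short and send it only over HTTPS.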