Background
At my work we are moving from desktop applications to web applications. Our ASP.NET web applications (not website) use .NET Framework 2.0 and run on IIS 7.0.
Environment Overview
We want to have one Root application and several web applications which satisfy specific business needs. For example, Root, Application A, Application B and Application C. On the Root application we will display links to all the applications the user has access to. We are using Windows Authentication and managing a table of application-specific access levels (on our SQL Server 2008 database).
Question
One of our goals is to force users to access their applications from the Root application only. That is, we do not want them to bookmark http://AppServer/Root/ApplicationA and access Application A by visiting the bookmark. We would rather have them go to http://AppServer/Root and click on the link to Application A to access it.
How can we achieve this? I only need a high-level idea here.
Many thanks to anyone who gives it a shot.
From the gateway, launch the applications via a form post that uses some sort of expiring token. The token cannot be saved in the bookmark, and if users hit the app without a token, redirect them to the gateway. The token can only be generated by the gateway app but validated by the child apps. Once a user has validated in a child app, you can store a session variable to allow them access to the other parts of the app.
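The expiring-token handoff described in the answer above, as an added sketch that is not part of the original answer and is written in Python rather than ASP.NET to keep it short. It assumes an HMAC-SHA256 key shared by the gateway and child apps; the function names, the 30-second lifetime and the in-memory nonce cache are all hypothetical choices.

```python
import base64, hashlib, hmac, os, time

# Assumption: a secret shared by the gateway and child apps (constructed here;
# in practice load it from protected configuration, never hard-code it).
SHARED_KEY = os.urandom(32)
TOKEN_TTL = 30          # seconds a launch token stays valid (assumed value)
_seen_nonces = set()    # child-side replay cache; hypothetical in-memory store


def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_token(user, app, now=None):
    """Gateway side: bind the token to user, target app and an expiry time."""
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    nonce = _b64(os.urandom(16))
    payload = "|".join([user, app, str(expires), nonce]).encode("utf-8")
    mac = hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(mac)


def validate_token(token, authenticated_user, this_app, now=None):
    """Child side: return True only for a fresh, unmodified, unused token."""
    try:
        payload_b64, mac_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
        user, app, expires, nonce = payload.decode("utf-8").split("|")
        expires = int(expires)
    except (ValueError, AttributeError):
        return False                      # malformed or missing token
    expected = hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False                      # forged or altered
    if (now if now is not None else time.time()) > expires:
        return False                      # expired, e.g. replayed from a saved page
    if user != authenticated_user or app != this_app:
        return False                      # issued to someone else or another app
    if nonce in _seen_nonces:
        return False                      # already used once
    _seen_nonces.add(nonce)
    return True
```

Because the key is shared, a child app could also mint tokens; signing with a private key held only by the gateway would enforce gateway-only issuance. When validation succeeds, the child app sets the session variable the answer mentions, and any request without that variable or a valid token is redirected to the gateway.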