I have two applications, one on a primary domain and the other on another domain. One is a legacy site and the other is a new site. We are slowly converting the legacy site (4.0) using a mix of classic asp, .Net2 webforms, and MVC3 to the new site (4.5) which uses MVC4. It is not possible to convert the entire legacy site at this time.
The requirement is to seamlessly click a link on either site and transition to the other site. The user should not notice that site1 is not part of site2 and vice-versa. The authentication is a mix of windows auth behind a firewall dmz and external customer facing site using a custom login and SSL.
The user session and data must be shared in some way between app1 and app2. It is a government site so security is of the highest priority. This will also be in a load balanced environment running Windows Server 2012.
I am unsure of the approaches for the following:
The best and most secure way to share these sessions. Appfabric on the Win2012, State Server, and SQL Server (I know AF can use this as a provider) are all fair game.
How to transition the Browser UI Pages seamlessly. I thought about possibly using a master Unified UI menu with IFrames that loaded either App1 or App2. I feel that is not best or most secure method however. The prerequisite will be javascript enabled users only.
I have done research on this topic and looked at Appfabric session cache with the sharedid in the web config, but I am not sure if that is the preferable way to go or if that even meets part of my requirement.
Any assistance would be very much appreciated.
Thank you!