I have begun planning for integrating several separate login systems under
one authentication server. We don't want to use MS Passport or TypeKey (though this Kerberos article looks nice) and some of the apps already use
the ASP.NET 2.0 Membership system. The Membership system can support multiple
sites, but the SqlMembershipProvider must have direct access to the SQL Server
providing authentication. Otherwise, you're out of luck. So I thought it'd be
nice to create a MembershipProvider that talked to a WebService hooked up to a
SqlMembershipProvider. Here's my setup:

Authentication Server Website

This is the central login server. It uses the normal SqlMembershipProvider (it
could actually use any MembershipProvider) and has a WebService called
SingleSignOn.AuthenticationServer.MembershipService.

Authentication Client Website(s)

These sites use a MembershipProvider I wrote called
SingleSignOn.AuthenticationClient.WebServiceMembershipProvider. It implements
all of the methods of MembershipBase, and each method makes calls to the
MembershipService on the Authentication Server. Since the provider model is so
awesome (thanks Rob), it requires absolutely no code changes other than adding
the new WebServiceMembershipProvider to the web.config. Another Provider could
be built for Profile and MemberRole, but for now I just wanted Authentication.
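
The web.config change described above could look like the following on a client site. This is an added example, not the author's configuration: the assembly name, the `serviceUrl` attribute, the service URL and the `applicationName` value are assumptions.

```xml
<!-- web.config on an Authentication Client website (added example) -->
<configuration>
  <system.web>
    <membership defaultProvider="WebServiceMembershipProvider">
      <providers>
        <!-- Drop inherited providers so the site does not fall back to a
             local SqlMembershipProvider from machine.config. -->
        <clear />
        <!--
          type:            class name from the post; the assembly name after
                           the comma is assumed.
          serviceUrl:      hypothetical custom attribute. ASP.NET hands any
                           extra attributes to the provider's
                           Initialize(name, config) as a NameValueCollection,
                           so the provider can read the endpoint from there.
          applicationName: placeholder value; the post leaves its handling
                           undecided.
        -->
        <add name="WebServiceMembershipProvider"
             type="SingleSignOn.AuthenticationClient.WebServiceMembershipProvider, SingleSignOn.AuthenticationClient"
             serviceUrl="https://auth.example.com/MembershipService.asmx"
             applicationName="/" />
      </providers>
    </membership>
  </system.web>
</configuration>
```
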
There's still a lot to do (some methods are still just stubs) to make it work
in a real-world scenario (caching, HTTPS, WSE stuff, etc.). I also haven't
decided on the best way to handle the ApplicationName or how I want to do server authentication.
As always, let me know if you're interested in the code.