I think you might be looking at a custom membership/user provider.  We created a custom provider to validate the username is an umbraco user and then validate the password against AD.  We are now doing the same thing for a membership provider and since we're using AD for password validation, we need only to have a user defined in user section to make them editors/admins etc, and/or an member defined in the members sections to give them access as a front-end user----both validating password against AD.  Single Sign-On.

If you make the provider class for the Membership module the same as the class for the User module then there isn't any reason why SSO wouldn't work. You'd need to set these two to be the same:

<add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="TestType" passwordFormat="Hashed"/>
<add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false"/>

So for example you could have:

<add name="UmbracoMembershipProvider" type="umbraco.providers.UserMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="TestType" passwordFormat="Hashed"/>
<add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false"/>

That should set all the appropriate cookies and tokens to allow the user to sign into a website and then navigate to the Umbraco backend which then also works

is working on a reply...