A methodology for providing a single-sign-on mechanism within an ASP aggregator service is presented. An aggregator token is generated by an ASP aggregator service and sent to a client device after its user has been successfully authenticated during a single-sign-on operation that is provided by the ASP aggregator service. The aggregator token then accompanies any request from the client to aggregated applications within the ASP aggregator service's infrastructure. The aggregator token comprises an indication of an address or resource identifier within the ASP aggregator service to which a client/user can be redirected when the client/user needs to be authenticated by the ASP aggregator service. In other words, the address/identifier is associated with a logon resource; when a request from a client is sent to this address, the ASP aggregator service responds with an authentication challenge to force the user to complete a single-sign-on operation.