Most applications in modern enterprises will provide a set of authentication method of their own,which increase the user's burden and reduce the system security as well.Another serious problem is how to administer access requests of authenticated users.The Single Sign-On(SSO) based on SAML and access control based on XACML can provide a solution for these two problems.Based on the analysis of SAML and XACML specifications,an SSO model based on SAML and XACML is proposed in this paper,and applied on the platform of Microsoft.NET.The model shares user information including ID authentication and access level,which promote interoperability between different security systems and guarantees access control as well.The security of the model is also analyzed.