The present invention belongs to the network communication technology field, and especially relates to a single sign-on authentication method and system. The method comprises: receiving an authentication request including original bill information; determining whether the sign-on is performed for the first time or not according to the original bill information, and if sign-on is performed for the first time, executing a third step, or else, executing a fourth step; sending a sign-on instruction to a user terminal, generating a user information table when the sign-on information sent by the user terminal is correct, determining whether there is an authentication to access a business terminal or not, if there is the authentication to access a business terminal, generating a first authentication result to feed back to the business terminal, or else, stopping the steps; determining whether the user terminal has an authentication to access the business terminal or not, if the user terminal has the authentication to access the business terminal, executing a fifth step; and according to the previous business information table, the current business information table and the user information table, determining whether the safety domain information is the same or not, and generating a second authentication result to the business terminal according to a determination result. The single sign-on authentication method and system mitigate user's memory work, and are high in flexibility, high in safety and simple in authentication process.