Security :: Can't Share Cookie Between Domain And Subdomain
Mar 8, 2010
I have two websites (domain and subdomain), something like this: www.website.ro and en.website.ro and I am trying to share a cookie between them. I have set the cookie domain to "website.ro", I tried setting it to ".website.ro", but it doesn't work. I can only read the cookie in the website that created it.
View 5 Replies
Similar Messages:
Nov 6, 2010
I have a bunch of applications that currently share the authentication cookie in v3.5.
We're in the process of upgrading to 4.0 and also upgrading the applications as a whole. I have 1 done, and would love to deploy it. However, as soon as I do, I lose my sharing of authentication cookie in that application.
In each web.config, my machine key is declared. I removed the actual keys to protect the innocent. :)
<machineKey validationKey="..." decryptionKey="..." validation="SHA1"/>
<authentication mode="Forms">
<!-- DEV Server -->
<forms enableCrossAppRedirects="true" loginUrl="Logon.aspx" name=".COOKIENAMEHERE" protection="All" path="/" slidingExpiration="true" timeout="1440"/>
</authentication>
View 1 Replies
Jan 31, 2010
I have an app with multiple subdomains, subone.parent.com, subtwo.parent.com.
I have a logon page at parent.com/login. When a user logs in I redirect them to the proper domain based on which one they are a member of. This works fine.
FormsAuthenticationTicket ticket = new FormsAuth...
string encTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
cookie.Domain = "subone.parent.com";
Response.Cookies.Add(cookie);
This properly authenticates the user for subone.parent.com and not subtwo.parent.com. However I would like to do the following.
If the user goes back to parent.com, I would like to know that they are logged in and redirect them back to subone.parent.com.
Is there a best practice for accomplishing this? Or do I have to set another cookie for parent.com?
I'm working in asp.net mvc if it matters.
View 3 Replies
Apr 23, 2010
I've been researching and I've spent practically all day on this. Here's my issue. The website uses forms authentication that we authenticate against active directory. I've been attempting to access files we have on a network share and push them down to the user (when they request them) in an http response. I keep getting "Access to the path <unc path> is denied".
Here's the code:
[Code]....
Things I've tried:
1) When I add the "Computer" to the permissions of the folder it works and I don't even need to emulate a user (essentially just commenting out this code), but I'm not sure we want to explicitly give the computer access to some of our network shares.
2) I've verified it's the correct username and password for the active directory account and that they have permissions on these network shares.
3) I've fooled around with the WebProxy class with no luck (as I'm not entirely familiar with it).
4) I've tried impersonating the user by creating a windows token and passing the token as credentials (I've done this with similar websites) with no luck, plus this seemed a bit complicated for something I figured would be relatively easy.
It's almost as if the WebClient class isn't even using the credentials I've passed it. We've got it working now, but only by giving the "Computer" specific permissions on the network shares, which we'd like to avoid.
View 1 Replies
Aug 10, 2010
I'd like to write out a cookie for a different sub-domain than the one I'm running in. Basically, what I want to do is have a php forum page automatically be authenticated from the asp.net login. That is, I have [URL]. When the user logs in to www.mysite.com, I want to write a cookie out that forum.mysite.com can pick up. It's only going to have the username in it so no encryption is needed. Nothing unsafe best I can tell. I've tried the below code but that still seems to make an encrypted cookie. I need to read it back into php unencrypted.
[Code]....
View 2 Replies
Dec 6, 2010
Is it possible to preserve authentication for an ASP.NET Forms authentication cookie between Http and Https (different domains) and back? I mean having single sign-on for two domains, say http://www.mydomain.com and https://members.mydomain.com. I've seen on quite a few asp.net sites that have a 'MyAccount' section that they transfer the site to https, and then when you have logged into your account successfully and gone back to the majority of the site you move back to http whilst still being logged in.
View 1 Replies
Oct 13, 2010
Is it possible to remove the main domain cookie from a subdomain? I am using single sign-on. On logout I want to remove the main domain cookie.
View 2 Replies
May 4, 2010
We're doing a whitelabelled version of our site, which will be hosted at foo.ourdomain.com.
However we need to ensure session is maintained between www.ourdomain.com and foo.ourdomain.com, as our SSL certificate only covers the main domain.
In practice this means we'll swap to the main domain on our payment pages, which run HTTPS, and then redirect back to the subdomain, after payment.
So the question is: How do we maintain the session when doing so?
I've tried with <httpCookies domain=".ourdomain.com" /> in web.config to no avail :-(
Edit: Figured it out now, I lacked domain on my <forms /> tag to handle login properly.
View 1 Replies
Dec 7, 2012
How can I maintain session between domain and subdomains?
I have a master page in my domain, say [URL], which collects the username, and then I redirect it to subdomain.mydomain.com. How can I then retrieve the value from the session in the subdomain Master page?
View 1 Replies
Jun 12, 2010
Suppose this is my website url: http://www.mydomain.com. And I have created one subdomain name as http://img.mydomain.com.
Now I want to upload an image from my site http://www.mydomain.com to my subdomain http://img.mydomain.com through code.
Is it possible to upload an image from the website to the subdomain?
View 3 Replies
Jan 19, 2010
I've got a session/cookie from a phpbb forum. But I use asp.net in the website (the website has a different url and domain than the forum).
Can I get the session/cookie from the phpbb forum in the asp.net website?
View 1 Replies
Feb 17, 2011
On my website there is one page where I do a webrequest to another website. With the webresponse I also get one cookie that I need to store in the browser with the same domain as the webrequest.
The problem is that when I add that cookie in my response with the domain (which I made webrequest browser), the cookie is not added.
View 5 Replies
Sep 28, 2010
My feeling says it's not possible, but anyway I am curious if there is at least a workaround to accomplish this. Basically I am working at my client site and my machine is not connected to the domain. What I want to do is run a web application locally under a domain account, using the webdev server. The webapp uses the default authentication, Windows authentication that is. I tried using impersonation with domain user & password but I got the following error: Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.' I have to mention that the username and the password are correct.
View 2 Replies
Jul 23, 2010
I have a domain: http://www.mydomain.com. This domain is redirected to http://mydomain.anotherDomain.com.
I use forms authorization, so when the user navigates to Default.aspx he is redirected to Login.aspx. Pretty standard stuff.
On FireFox the user can log in on both on http://www.mydomain.com and http://mydomain.anotherDomain.com.
But with Explorer http://www.mydomain.com doesn't work. I only get the Login.aspx page.
Can it have anything to do with that on http://www.mydomain.com I can't see the filename ('Default.aspx', 'Login.aspx')? How can I enable so the filename is included in the redirected domain?
View 3 Replies
Jan 27, 2011
I have an intranet web application. There are 2 user groups: group A belongs to the domain and group B does not. If I set IIS to enable anonymous access, Request.ServerVariables("LOGON_USER") always returns nothing. If I disable anonymous access and set Integrated Windows authentication, a Windows login prompt will come up if group B's users want to access the website.
How can I set up IIS so that when a domain user accesses the website, it will direct to the main page with Session("user_name") = Request.ServerVariables("LOGON_USER")? If a user is not a domain user, the website will direct him/her to a login.aspx instead of showing the Windows authentication prompt, then set Session("user_name") = txtUserName.Text, and finally redirect to the website main page?
View 2 Replies
Apr 12, 2010
We have a website for our company on one domain and we have a login form to a webmail solution on another domain. Now I would like to build a form on our website that transfers the request to the login form on the webmail domain and automatically validates the user if user and pass are correct. I need help to find the correct way of doing this. The domains are hosted by our company; the website and webmail are on different servers. I don't want to use the querystring,
View 3 Replies
Feb 11, 2011
[Code]....
MyDomain.com. But ReturnUrl has value
[Code]....
View 1 Replies
Apr 9, 2010
Here's my scenario.
I've got a site called domain.com and also another product on product.domain.com. The product.domain.com requires authentication to access it. For consistency in the user experience I have set the login url in the web.config on product.domain.com to be http://domain.com/Login.aspx. This redirection is working ok - and a sample url would be:
http://domain.com/Login.aspx?RedirectURL=/default.aspx
The problem is that the RedirectURL does not take into account that the request originally came from product.domain.com so when the authentication is successful the user is not redirected back to product.domain.com
I have come up with a solution for this but would like feedback if possible.
I changed the loginURL in the web.config to http://domain.com/Login.aspx?domain=product.domain.com so the sample url is now:
http://domain.com/Login.aspx?domain=product.domain.com&ReturnURL=Default.aspx
I then override the LoggedIn event in the membership control and check to see if the domain value pair is specified and if it is I redirect to the domain + ReturnURL.
As I said previously, I'd appreciate any comments or other ways to achieve the same result.
View 1 Replies
Nov 15, 2010
What I want to do is take traffic that is going to shop.mywebsite.com and redirect or rewrite (I'm not sure of the terminology) the domain to be www.mywebsite.com/shop. Both shop.* and www.* are separate web applications (nopCommerce and Umbraco respectively) that don't seem to cooperate when I've tried to nest them. Both applications are in a Server 2008 R2/IIS 7.5 environment.
I've searched around stackoverflow and what I've found is a lot of answers to mapping the other direction (ie subfolder to a subdomain) but that's not what I'm looking for as far as I understand the problem.
The end goal is to combine the SEO reputation of the shop subdomain into the www subdomain. I readily admit that I might have this all backwards and am willing to try any suggestions I'm offered.
View 1 Replies
Jan 21, 2011
I am trying to achieve an SSO implementation across my websites, so I am using the machine key attribute to do so. Now the trouble starts here, as the website the user logs in to is on the .net 1.1 framework and the website it is navigating to is .net 4.0. I have shared the same machine key across both applications. It works fine in my testing environment, but as I move to the deployment server, it just doesn't work! So what I could do is read this article on MSDN:
http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
This tells me to add a domain attribute like below:
<forms loginUrl="~Login.aspx" defaultUrl="Default.aspx" protection="All" timeout="80" name=".ASPXAuth" domain="asbc.com"/>
But this thing just doesn't work on the 1.1 application and throws an error: Unrecognized attribute 'domain'.
Where do I get to mention the domain in my 1.1 application?
View 3 Replies
Jan 9, 2010
Is there a way that I can share membership (login, etc.) between two different web applications? I would like to create a smaller debug application to test some stuff in my database.
View 2 Replies
Feb 11, 2011
I recall some way to use a single instance of the asp.net membership for multiple applications. For example...if I have a main single sign on portal, perhaps I'd like them to have access to Application A, B and F, but not C, D & E. Instead of maintaining different security for each application, can we have a single membership table maintaining all of the enterprise applications? So user 'John Doe' would have a single membership record, but have access to different applications.
View 3 Replies
Jan 27, 2011
I'm looking into building a web application platform which users will log into and be able to access other applications based on permissions. I've set up the membership provider and it is being shared between apps. Here is my problem: If I log into application A, and click on a link that takes me to application B, I have to log in again. Is there any way to share that session between applications so the user can log in once, and not have to do it every time they access a different application?
View 6 Replies
Jun 16, 2010
I've developed a file browser that will browse a different server's shared folder. In order to get this working I'm using the UNC path (\\Server\SharedFolder) to return the files/folders. I've also added the following to my web.config to get around the security:
<identity impersonate="true" userName="domainadmin" password="password" />
It's simply a file browser; no create or delete functions will occur. The solution works, and what I want to know is: is this the safest way to do this? Or the best way? I did try to use a virtual directory instead of the UNC path but asp.net would support this.
View 1 Replies
Oct 28, 2010
It took me 6 hours to figure this one out and I'm wondering if someone can give me an answer why it has to work this way. I have two PCs, one is a webserver win2k 2003 and the other is the file server running Windows XP. Both PCs are on the same company domain, therefore they can see each user. The share folder has NETWORK, NETWORK SERVICE, USERS (which include IIS authenticated users), a LOCAL account, and a specific User (which is me) that is given access to read. In my web application, I call a server.mappath. In IIS6.0, anonymous is disabled so users use integrated Windows Authentication. I can see this by verifying User.Identity.Name.ToString(); Next, I also check WindowsIdentity.GetCurrent().Name.ToString();. In my first run, I set impersonate to true and that's it. Both User.Identity and Windows.Identity show: mydomain\smith_B as an example.
When trying to access the UNC virtual path which has "Always use the authenticated user's credentials when validating access to the network directory" checked. This means IIS6.0 will pass mydomain\smith_B credentials to the file server. I get an access denied, which is verified by a thrown exception. I go back and check the file server and under the security tabs, I did add myself, which shows smith_B under the security, and for kicks, I'm also under the Share tab.
Next, I try to authenticate using a "LOCAL" account on the file server. The local account is called username/password: temp/temp. So I set web.config to impersonate=true, userName=temp password=temp. Okay, so I go back into IIS 6.0 and for the virtual directory, I go to "Connect As" and set Username and password to: temp/temp and un-check "always use the authenticated user's credential". Finally, I reload the page. This time the page shows me:
User.Identity.Name: mydomain\smith_B
WindowsIdentity.GetCurrent().Name: temp
Perfect, so now I'm impersonating temp. I click a button to access the UNC path and boom, it all works. So why doesn't my local PC authenticate ME, as MYSELF, which is on the domain, which is on the same domain? Why do I have to impersonate a local account to the file server? Why can't I just impersonate myself? Also, if I disable impersonation, it becomes NT AUTHORITY\NETWORK SERVICE. This service also can't access the UNC path even when I have enabled the same security and same share settings.
View 1 Replies