I have 2 subdomains:
www.mysite.com
store.mysite.com
I followed these instructions: http://www.codeproject.com/KB/web-security/aspnetsinglesignon.aspx
The only thing I don't understand is where to put the cookie code?
[Code]....
Does this go in the LoginControl_LoggedIn event? Application_AuthenticateRequest?
Also, what if I have 2 different domains?
I would like to know how to implement Single Sign On across subdomains running on a mixture of programming platforms, asp.net and php?
View 1 RepliesWe migrated our web server to window server 2008, IIS 7.
We have single sign on application - that we login through one application called "users" and then no need to login to other applications, they all use the same machine key and cookie.
it works fine when all then applications under the same application pool.
but we have one application that is asp.net 2005. (the rest are asp.net 2003) the user application is in asp.net 2003 and that other application is in asp.net 2005.
so each application is in a different application pool. -
one pool to asp.net 1.1 and other pool to asp.net 2.
when I run the asp.net 2005 application
I get the login page and after I login I get the following errer:
HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested Url: /users/Unauthorised.aspx
Important: If I switch the "user" application (the login) to work under the same pool as my asp.net 2005 application, then it works fine with the asp.net 2005 application,but I get the above error for the asp.net 2003 applications
All this happened after we switched to IIS 7 Windows 2008, with IIS 6 it works great!
I am using classified starter kit for various purposes like for business listing,classified listing and event listing.These are 3 independent application with their membership information stored in their independent database.I have used this 3 listings in a portal .I need a single sign on now.
I tried to do with machinekey & cookie .This way user able to login but as there is no record in that database for that user.So even if he post anything in that application it stores memberid field as zero. So in this case what should be done. i am stuck here since few weeks.
I have a web app located at [URL] and I have several domains, such as [URL], [URL], etc. all pointing to the same directory in IIS. I use Host Headers to acheive this by setting the 'Host Header Values' under properties for the main site (under the Web site identification section). Based on the host header value I perform different functions in my pages.
Because of the way I have it set up, all the domains share the same files, web.config, etc. I have set the 'machinekey' in my web.config and have forms authemtication. However, when I go to MyMainSite.com and log in and then the user clicks a link and gets directed to MyFirstSite.com the user is shown as logged out. I need the user to be logged in and I need to be able to access the logged in user profile to display certain information. I thought by setting the 'machinekey', i could acheive this, but it does not seem to work.
how to go about having a single log on for my users?
The articles I have found show the same domain or have different domains each with a different web.config. The way they describe does not seem to work for me.
How to implement Single sign on in asp.net web application.
Give me to full tutorial. How to implement this in two apps.
I am trying to get this to work, and having a heck of a time.
I want users who log into my site to be able to access the KickApps site I created using single sign on.
They provided a helper code:
http://www.kickdeveloper.com/images/stories/docs/KickApps.cs
And the sample code is at the top of that.
It will not give me a response back other than "Nothing"
I am new to web services and single sign-on, and any help would be greatly appreciated. I am using the standard log-in system for vs, and want it so that after they log in, and load my special page, it redirects them to the kickapps app, where they are already signed in.
I have this tutorial on Single Sign On with forms authentication.The following link:
[URL]
I did item number 1 which is "SSO for parent and child application in the virtual sub-directory" and it works fine BUT I can't seem to stay logged in because each time I leave and reenter the application I get redirected to the login page.
Is this an inherent feature of forms authentication?
What happened to authorized cookie generated by forms authentication?
While waiting for responses, I will look for answers.
I am working as a trainee in a software company.
I want to implement Single Sign-On in two different applications(different domains).
We have intranet based web application in ASP.Net, needs to be configure for single sign on authentication at client place.
Our client has existing intranet based web site in classic ASP. After successful login to this site in asp, employee will have a link to access our web portal without entering any credentials again. Please note that both sites are having differnet virtual
directories or different domains.
Is there any way to achieve this sinlge sign on authentication than LDAP or Cokie based authentication.
Does Microsoft 3.5 provides some enterprise service to acheive the same?
I am trying to use the concept of Single Sign On (SSO) in my asp.net application.
for the purpose i have created a main domain say
mydomain.com.
now i have 2 subdomains
sub1.mydomain.com & sub2.mydomain.com.
I am running these very fine. But now I want to have a SSO for my domains. For the same have
googled lot and found some stuff such as adding machine key to web.config and specifying domain names in cookies.
But it is not at all working for me. when I specify the domain name for cookies i am unable to sign out.
I am using FormsAuthentication in asp.net.
Following is the code I have in my web.config.
[Code]....
I have the same code in web.config of each domain.
I have placed the code for each domain in different directory on my website.
for ex. mydomain.com ---------> F:/HostedSites/mydomain
sub1.mydomain.com ---------> F:/HostedSites/subdomain1
sub2.mydomain.com ---------> F:/HostedSites/subdomain2
my Authentication code is
[Code]....
and sign out code is
[Code]....
Can anybody tell me where exactly I am wrong ? what changes do i need to do at server end also.
I am checking this on my testing domain ie. mydomain.tv. can this be a problem ?
[Code]....
MyDomain.com. But ReturnUrl has value
[Code]....
I've had no problems implementing CAS however I have hit an issue with its timeout. It appears my Uni has the timeout set to about 15 minutes. Some forms (specifically ones for our HR department) take a lot longer than 15 minutes to fill out. The result being that when they click the Save/Submit/whatever button, CAS refreshes its login, sends them back to the same page, and resets the page to default (since it's essentially reaccessing it).
Is there any easy way to force my SSO to refresh at set intervals? I tried to use another page (embedded in an iframe that I added to all .Master pages) whose page load contained:
[Code]....
im using visual studio 2008. my requirement is to implement single sign on across many domains without using cookies. is this possible? for example, i have 3 domains (hosted in 3 different systems). www.domain1.com www.domain2.com www.domain3.com and cookies are disabled. i implemented single sign on with cookies, if the sites are hosted in single system then it is working. but it doesnt work if cookies are disabled. i tried all made all possible google searches, but couldnt find anything useful.
View 5 Replies I have this .net page that is iframing a page that requires username and password. Does any one know if a way i can provide this page the username and password behind the scenes and autologin the user (from thier eyes at least)?
The calling page is a ..NET page but the page that I am iframing in is a classic ASP page.
I was told that i may have to do something like create a security auth ticket and pass the token which I am not sure how to do or even start
I am planning to have 2 subdmains on my IIS server. Example - [URL]. So if someone logs on Portal and if we clicks on the App link, he should be successfully logged into App.
SO basically 1 signin for both subdomains. How to achieve it in ASP.Net 4, C#, VS.Net 2013?
I find myself in a difficult situation. We're working on an ASP.NET MVC 2 application which is comprised of multiple sections. It is a design goal to have these sections span across several subdomains. Each subdomain will have its own controller.
The challenge is that our hosting provider's control panel allows two forms of redirection for subdomains, and neither of them seem to fit the bill. The choices are:
Redirecting to URL. Choice is given whether to redirect to an exact destination or a destination relative to the request URL. Redirecting to a specific folder in my hosting space.
I'll try to illustrate the intended behaviour. Assuming the default route is {controller}/{action}/{id}, I'd like the URL http://subdomain.welcome.com/a/b be handled by the MVC Application like http://welcome.com/subdomain/a/b.
The URL redirection could solve this problem, except for the fact that the user sees a URL change occur in the browser. We don't want the client to see the redirection occur.
Redirecting to our MVC apps root folder doesn't work at all. The app doesn't pick up the request and a 4xx error gets passed back by IIS.
edit:
In the interest of finding an answer, I'll simplify this a bit. The "redirect to URL" doesn't do what I want so that leaves redirecting to a folder.
If I'm redirecting a subdomain to the root folder of my MVC App and IIS wont pick up the requests, is this a limitation of IIS or my provider?
I have three asp.net web applications
,Second and Third applications are accessed throught the first,So Authentication (form authentication) is happening from the first application only , all are deployed on same IIS with seperate virtual directory
Like
1.Localhost/EmpMananger
1. Localhost/Hr
2.Localhost/Payroll
, I used the same Entires in both <machineKey> and
<forms> Elements in webconfig file of all applications,
Applications are working fine and Page.User.Identity are available in all applications but once loginUrl and defaultUrl entry is changed to actual name other than localhost
Eg: localhost/EmpManager/default.aspx To myserver/EmpManger/default.aspx
the authentication ticket is not available in second and third applicaiton
I have basic Single Sign-On working across 2 MVC sites (call them SiteA and SiteB) using something along the lines of the following method:http://forums.asp.net/p/1023838/2614630.aspxThey are on sub-domains of the same domain and share hashencryption keys etc in web.config. I've modified the cookie so it is accessible to all Sites on the same domain. All of this seems to be working ok.The sites are on separate servers without access to the same SQL database, so only SiteA actually holds the user login details. SiteB has a membership database, but with empty users.This works fine for my required scenario which is:1) User logs into SiteA2) The application loads data from SiteA (by AJAX) and SiteB (by AJAX using JSONP)I have the following LogOn Action on my AccountController for SiteA, which is where the "magic" happens:
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
[code]...
There are subdomains: sub1.domain.ru, sub2.domain.ru, sub3.domain.ru, sub4.domain.ru. On default page there is a code:
protected void Page_Load(object sender, EventArgs e)
{
string subdomain = Cache[key] as string;
if (subdomain != null)[code]...
Will users see their subdomain name in different subdomains(sub1.domain.ru, sub2.domain.ru, sub3.domain.ru, sub4.domain.ru) ?
I have developed an asp.net website. I Have Used Asp.Net membership provider.My Question is , I Have Three Roles , For Eg: Basic, Intermediate, Admin ...Now , i need to apply two roles for single page say basic and admin .... How can i do this ... Plz help me .... Thanx in advance ......
if (Roles.IsUserInRole("Admin") == false)
Server.Transfer("AccessDenied.aspx");
We are upgrading the asp.net 2.0 web application to asp.net 4.0. The application contain three main modules (sub application) like End User, Franchise and Admin with separate web.config, asp.net form Authentication, login page and running with single domain. the URL like,mydomain.com/login.aspxmydomain.com/franchise/login.aspxmydomain.com/admin/login.aspx In asp.net 2.0, working fine with 3 sub applications with separate form authentication under a single domain name and also we can working with all threes in same time. After the up gradation process (ASP.NET 2.0 to 4.0),We didn't run all three applications in same times and also form authentication crossed.
View 2 RepliesI want to deploy multiple asp.net applications on same hosting with subdomains. How it should be manged ?
I just created a subdomain and deploy application in its folder; when I tried to access application with subdomain it shows the following error:
An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Consider that I want to create 10 websites in IIS, each of them pointing to the same website on local hard drive, each one running the same code, but on different subdomain.subdomain1.domain.com, subdomain2.domain.com, ..., subdomain10.domain.comHow can I add multiple connection strings in my web.config file and bind each connection string to a different subdomain ?I want to do this because every website will have a different database with different data.
View 2 Replieswe have developed a ASP.NET application that required a username and password to login and use the application.Now on of our customers wants to use Single Sign on with their Microsoft Sharepoint Portal.
Basically they want their users to be able to login to the portal, and then be able to access our application, without having to provide their login details again.Does anyone have experience with implementing Single Sign on?