Security :: Single Sign On IIS 7 Multiple Application Pool
Oct 20, 2010
We migrated our web server to window server 2008, IIS 7.
We have single sign on application - that we login through one application called "users" and then no need to login to other applications, they all use the same machine key and cookie.
it works fine when all then applications under the same application pool.
but we have one application that is asp.net 2005. (the rest are asp.net 2003) the user application is in asp.net 2003 and that other application is in asp.net 2005.
so each application is in a different application pool. -
one pool to asp.net 1.1 and other pool to asp.net 2.
when I run the asp.net 2005 application
I get the login page and after I login I get the following errer:
HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested Url: /users/Unauthorised.aspx
Important: If I switch the "user" application (the login) to work under the same pool as my asp.net 2005 application, then it works fine with the asp.net 2005 application,but I get the above error for the asp.net 2003 applications
All this happened after we switched to IIS 7 Windows 2008, with IIS 6 it works great!
View 2 Replies
Similar Messages:
Apr 21, 2010
I have 2 subdomains:
www.mysite.com
store.mysite.com
I followed these instructions: http://www.codeproject.com/KB/web-security/aspnetsinglesignon.aspx
The only thing I don't understand is where to put the cookie code?
[Code]....
Does this go in the LoginControl_LoggedIn event? Application_AuthenticateRequest?
Also, what if I have 2 different domains?
View 2 Replies
Sep 30, 2010
I am trying to use the concept of Single Sign On (SSO) in my asp.net application.
for the purpose i have created a main domain say
mydomain.com.
now i have 2 subdomains
sub1.mydomain.com & sub2.mydomain.com.
I am running these very fine. But now I want to have a SSO for my domains. For the same have
googled lot and found some stuff such as adding machine key to web.config and specifying domain names in cookies.
But it is not at all working for me. when I specify the domain name for cookies i am unable to sign out.
I am using FormsAuthentication in asp.net.
Following is the code I have in my web.config.
[Code]....
I have the same code in web.config of each domain.
I have placed the code for each domain in different directory on my website.
for ex. mydomain.com ---------> F:/HostedSites/mydomain
sub1.mydomain.com ---------> F:/HostedSites/subdomain1
sub2.mydomain.com ---------> F:/HostedSites/subdomain2
my Authentication code is
[Code]....
and sign out code is
[Code]....
Can anybody tell me where exactly I am wrong ? what changes do i need to do at server end also.
I am checking this on my testing domain ie. mydomain.tv. can this be a problem ?
View 2 Replies
Mar 30, 2011
I am using classified starter kit for various purposes like for business listing,classified listing and event listing.These are 3 independent application with their membership information stored in their independent database.I have used this 3 listings in a portal .I need a single sign on now.
I tried to do with machinekey & cookie .This way user able to login but as there is no record in that database for that user.So even if he post anything in that application it stores memberid field as zero. So in this case what should be done. i am stuck here since few weeks.
View 4 Replies
Jan 30, 2010
I have two .NET applications X and Y
a. I want to have User A as a common user for both application X and Y.
b. User A can have different roles on X and Y. Eg. Read permission on Y and Write Permission on Y.
How do i configure ASP.NET membership to achieve about functionality.
View 3 Replies
Sep 10, 2010
I need to create a single sign-on structure and my question is: is SSL a must?
Details:
The application will have a link to my web application. When the user clicks that link, their local username will be passed to my web app at which point a look-up in a mapping file is done. If that local username exists in the map, then the user is logged in. If not, then the user will be prompted to enter their network username and password, and when authenticated, an entry in the map will be created.
How do I ensure that user is who they say they are and not Joe Blow from off the street sending in an HTTP POST request with that username?
Do I have to use SSL (and if so, what does that entail)? Would adding a salt and encrypting the username be sufficient? Maybe locking it down so the source IP has to be within a controlled range?
My web app runs on IIS 6/7 and uses the ASP.NET MVC framework, if that is important.
View 3 Replies
Oct 13, 2010
I have a web app located at [URL] and I have several domains, such as [URL], [URL], etc. all pointing to the same directory in IIS. I use Host Headers to acheive this by setting the 'Host Header Values' under properties for the main site (under the Web site identification section). Based on the host header value I perform different functions in my pages.
Because of the way I have it set up, all the domains share the same files, web.config, etc. I have set the 'machinekey' in my web.config and have forms authemtication. However, when I go to MyMainSite.com and log in and then the user clicks a link and gets directed to MyFirstSite.com the user is shown as logged out. I need the user to be logged in and I need to be able to access the logged in user profile to display certain information. I thought by setting the 'machinekey', i could acheive this, but it does not seem to work.
how to go about having a single log on for my users?
The articles I have found show the same domain or have different domains each with a different web.config. The way they describe does not seem to work for me.
View 1 Replies
May 4, 2010
How to implement Single sign on in asp.net web application.
Give me to full tutorial. How to implement this in two apps.
View 3 Replies
Feb 15, 2011
I am trying to get this to work, and having a heck of a time.
I want users who log into my site to be able to access the KickApps site I created using single sign on.
They provided a helper code:
http://www.kickdeveloper.com/images/stories/docs/KickApps.cs
And the sample code is at the top of that.
It will not give me a response back other than "Nothing"
I am new to web services and single sign-on, and any help would be greatly appreciated. I am using the standard log-in system for vs, and want it so that after they log in, and load my special page, it redirects them to the kickapps app, where they are already signed in.
View 1 Replies
May 20, 2010
I have this tutorial on Single Sign On with forms authentication.The following link:
[URL]
I did item number 1 which is "SSO for parent and child application in the virtual sub-directory" and it works fine BUT I can't seem to stay logged in because each time I leave and reenter the application I get redirected to the login page.
Is this an inherent feature of forms authentication?
What happened to authorized cookie generated by forms authentication?
While waiting for responses, I will look for answers.
View 5 Replies
Apr 7, 2010
I am working as a trainee in a software company.
I want to implement Single Sign-On in two different applications(different domains).
View 2 Replies
Feb 17, 2010
We have intranet based web application in ASP.Net, needs to be configure for single sign on authentication at client place.
Our client has existing intranet based web site in classic ASP. After successful login to this site in asp, employee will have a link to access our web portal without entering any credentials again. Please note that both sites are having differnet virtual
directories or different domains.
Is there any way to achieve this sinlge sign on authentication than LDAP or Cokie based authentication.
Does Microsoft 3.5 provides some enterprise service to acheive the same?
View 5 Replies
Feb 11, 2011
[Code]....
MyDomain.com. But ReturnUrl has value
[Code]....
View 1 Replies
Dec 7, 2013
I am going to create application, in that application, i need feature of single sign on application.if i am login with 1 application, i suppose to login with others application.ex. if i login in gmail, then i automatically login with You Tube...
View 1 Replies
Jun 10, 2010
I've had no problems implementing CAS however I have hit an issue with its timeout. It appears my Uni has the timeout set to about 15 minutes. Some forms (specifically ones for our HR department) take a lot longer than 15 minutes to fill out. The result being that when they click the Save/Submit/whatever button, CAS refreshes its login, sends them back to the same page, and resets the page to default (since it's essentially reaccessing it).
Is there any easy way to force my SSO to refresh at set intervals? I tried to use another page (embedded in an iframe that I added to all .Master pages) whose page load contained:
[Code]....
View 1 Replies
Feb 16, 2011
im using visual studio 2008. my requirement is to implement single sign on across many domains without using cookies. is this possible? for example, i have 3 domains (hosted in 3 different systems). www.domain1.com www.domain2.com www.domain3.com and cookies are disabled. i implemented single sign on with cookies, if the sites are hosted in single system then it is working. but it doesnt work if cookies are disabled. i tried all made all possible google searches, but couldnt find anything useful.
View 5 Replies
Apr 22, 2010
I want to implement single sign on in my asp.net web application. Scenario is something like below:
user will get registered / sign up at "account.example.com"
there will a link to "professional.example.com"
when user goes to this link (step 2), they must remain logged in over here.
View 2 Replies
Jan 15, 2010
I have this .net page that is iframing a page that requires username and password. Does any one know if a way i can provide this page the username and password behind the scenes and autologin the user (from thier eyes at least)?
The calling page is a ..NET page but the page that I am iframing in is a classic ASP page.
I was told that i may have to do something like create a security auth ticket and pass the token which I am not sure how to do or even start
View 1 Replies
Jun 18, 2010
I'm analizing this situation:
-I've ASP.NET intranet application
-I've to centralize users' passwords in my domain and have visibility of them.
-Each user must change his own password each 3 months.
-Each user must have only one password for the access to Windows,Intranet application and ERP application
Is there a way to block all user accounts periodically and asking them to insert the new password after the logon to windows?after that i could make a query that update the passwrod in Intranet and ERP application.
View 1 Replies
Aug 9, 2010
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process using the
Application Pool Identity to a domain account.
Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
View 1 Replies
Jul 9, 2010
I have 2 different applications hosted on an IIS server. I have created a new application pool.Can i run both the applications on the same pool??Will sessions or other values of one application be available to the other application if I do it this way?
View 2 Replies
Jun 9, 2010
In our IIS (v 6.0) there is one classic ASP app deployed, which has around 35 concurrent users. Now, a new ASP.NET(3.5) app needs to be deployed on the same server which will have its own 50 concurrent users. In this scenario should we create a Application Pool for this new .net app? What are other recommendations for the IIS settings in future?
View 3 Replies
Oct 29, 2010
2 server web farm windows 2008 r2 nlb. In IIS I enable windows authentication all other authentication is disabled. Code behind
[Code]....
web.config
[Code]....
The code returns the application pool custom account e.g. DOMAINWebApp_user. What I want is the logged in user's username. How do I get this?
View 2 Replies
Jan 12, 2011
below written question :
1.) What is the name of the OS process in which App Domain resides.
2.)if suppose There are Three Windows application hosted on a same envoirment and two instance is working for each application at a Time, means now total instance are six .what will happen among the below written cases :
a.) There will be six different app domain in a single OS process
b.) There will three app domain(one for each application) in a single OS process and some Parallel thread will be executed in each app domain for another instance.
c.) There will be Three OS process corresponding to each application.
3.) If eveything will remain same except there are three web application in place of windows in point 2, will there be any change in functioning.
View 1 Replies
Mar 16, 2011
If I enable Anonymous in IIS under windows 2003, the ASP.NET will execute code under IUSR_XXX or account of application pool?
View 3 Replies