Sharing Authentication On Different Apps On Different Sub - Domains
Jan 19, 2011
I have 2 applications. One on asp.net webforms [URL] which should provide authentication, user logs in and I can use the cookie to authenticate on my asp.net mvc app located at [URL]. All I'd like to do is able to access the cookie so I can get the userId that was stored in it using the FormsAuthentication.
They use normal authentication provided by microsoft;
<authentication mode="Forms">
<forms domain="test.com" loginUrl="Default.aspx" protection="All" path="/" requireSSL="false" timeout="45" name=".ASPXAUTH" slidingExpiration="true" defaultUrl="Default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false"/>
</authentication>
This cookie should be accessible to any submain on [URL] right?
View 2 Replies
Similar Messages:
Jun 17, 2010
got [URL] - two separate apps in IIS.
Want the forms based auth to persist (they use the same database for membership)
I tried to simply add a "." before the domain name in the forms tags (see below for example) - but this didn't work - it acutally prevented me from logging in at all. how i can persist the login? Does the admin need the same values for "name", "path" and "domain" as the main site?
[code]....
View 1 Replies
Jan 24, 2011
Is there a way to share cookies across different domains and different applications (classic ASP and ASP.NET)
View 4 Replies
Jun 3, 2010
i want to maintain session data between two applications or domains [URL]. I have read on net about this, but many people pointing many different ways to do it, with people commenting +ve and -ve responses to all. Plus many are just providing theoretical answer, do this and that ,but no code at all. are these steps all that is required?
1) in web.config: <httpCookies domain=".[URL]"/>
2) store session data in sql DB as:(after preparing the db for storing sessions)
<sessionState mode="SQLServer" sqlConnectionString="Data Source=YourServer;
Integrated Security=True;database=MySessionDB" sqlCommandTimeout="30"
allowCustomSqlDatabase="true"/>
<machineKey decryption="AES" validation="SHA1" decryptionKey="..." validationKey="..." />
3)Am confused about this one: i want to set the domain for the session cookie like this
Response.Cookies["ASP.NET_SessionId"].Domain = ".[URL]";
But where should this code be written?
this entry: [URL]says: use System.Web.SessionState.SessionIDManager as a base class but the SaveSessionID method is not virtual so cannot be overridden. Options are: either explicitly re-implement the interface method or decorate SessionIDManager class and after calling SessionIDManager.SaveSessionID set Response.Cookies[SessionIdCookieName].Domain to our domain.
Only if the author had provided real code, step 3 would have been clear. Plus all this 3 steps enough to share session among the domains?
View 1 Replies
Jan 19, 2011
I have a .net webapplication with the following domains:
www.domain.com
sub.domain.com
files.domain.com
When a user is logged on to domain.com or sub.domain.com, I'd like them to share session state (i.e. be logged into both domains at once). This is possible to do by setting the domain on the session coookie to be ".domain.com". However, my problem is that the domain "files.domain.com" should not have session state due to security issues (xss attacks from user-made files hosted on that domain is an issue).
Is it possible in ASP.NET to use the same asp.net session id for these two domains, but not the third one?
View 5 Replies
Aug 15, 2010
We have several virtual applications inside one main (root) application. How to share Cache between this virtual application and main application if they are located (and always will be) on the same physical machine? By Cache i assuming System.Runtime.Caching or System.Web.Caching. Hope that i do not need to setup AppFabric Caching for this...
View 3 Replies
Apr 7, 2010
Is it better for a collection of ASP.NET web apps to share the same session database, or should each one have its own? If there is no significant difference, having a single database would be preferable due to easier maintenance. Background My team has an assortment of ASP.NET web apps, all written in either Monorail 1.1 or ASP.NET MVC 1.0. Each app currently uses a dedicated session state database. I'm working on adding a new site to that list, and am debating whether I should create another new session database, or just share an existing one with another app.
View 1 Replies
May 13, 2010
We have an ASP.NET web application which uses integrated windows authentication. It is accessed by users from two domains, A and B. A is the primary domain and B is an older domain which is going away. Web application is authenticating users using a group policy which only exists in domain A. Every user in domain B has an account in domain A. The application lives in domain A. There was no trust between the domains. So users from domain A would get silently authenticated and logged into the site. Users from domain B didn't get authenticated automatically and were prompted with the IE popup, to which they authenticated using their domain A credentials and everything worked. Now somebody has set up a trust between the domains and users from domain B get authenticated silently to IIS, and then their login fails (no group policy). So the question is:
can I either programmatically or in IIS configuration make it so that users from domain B still get prompted even though there is trust between the domains? Is there a way to tell the server where IIS is running to ignore the trust relationship maybe?
View 1 Replies
Jan 27, 2011
I've set up an ASP.NET MVC application for my company's Intranet that grabs the user's NT creds via System.Web.HttpContext.User and checks against its own database to perform authentication/authorization.This works just fine on my local machine, and I assume it will also work once deployed to the production server, but the development server is on a different domain than the users. While trying to test the app, Iget prompted for a username and password, which isn't supposed to happen. Worse, entering my login creds still doesn't work. I'm deploying a MVC 2 application to an IIS 6 server.The steps I read to take to get Integrated Windows Authentication to work included putting these lines in my Web.config file:
[Code]....
Then, on IIS in Directory Security uncheck the checkbox that allows anonymous authentication, and make certain that only Windows authentication is checked in the access methods section. I've done these things, but since I'm dealing with cross-domain authentication, it's dead in the water. I tried a Google search, and I'll continue with this, but I haven't found anything yet. I'm not incredibly savy when it comes to domain issues, so I might have seen a possible solution and not recognized it.
View 5 Replies
Mar 4, 2011
We have a server with lets say 5-10 internal ASP.NET (MVC) applications running in separate application pools as separate websites (on different ports and/or subdomains). I know nothing about the built-in ASP.NET authentication framework, so I was wondering if anyone could drop me a quick pointer in the right direction...
I want to secure all of the internal apps via one login mechanism (supporting 3-5 different roles; nothing complex). This login system would be another app/website running on the server, and to gain access to any other app, one must have authenticated via the one login system and the target app must be able to see the user's role. The internal apps will be modified at the code level to plug into this new login system (in other words, we'll modify the current apps to support the authentication).
The whole point of this is that I don't want each app to have its own login/authentication mechanism, but rather use a more "global" authentication system (everything on the same server). I am not looking for anything complex (just a company of 15-25 employees, 3-5 departments - each user must be associated with a department (role) based on their login - and each app will be tuned to show the user the appropriate data based on his role).
The question is - how do I make it so that a user's authentication status is visible across all of the different apps (in different assemblies and running separately)?
View 2 Replies
Feb 18, 2011
My requirement is multiple domains (not subdomains) share cookie of form authentication
how to implement same?
View 2 Replies
Jan 25, 2011
i want to have several domains A, B, C where a user can enter his username and password to login to a common main domain D.
So the user goes to A, B or C, enters his username and password, clicks the "login" button, and is then on the main domain D in a logged in/authenticated state. Then the user does the things he wants to do, and then clicks the logout-button and is then returned to the original domain that he came from, be it A, B or C.
What is the best way to do this?
I currently use forms authentication in ASP.NET 4.0 (C#).
View 1 Replies
May 11, 2010
I have 2 almost identical asp.net (vb) applications. 1 Development and 1 Production.
They use forms authentication that is configured to run in SQL server. Both apps use the same aspnetdb database but have different application names.
The problem I have is:I have an Identical login for each app (same username, same password), but If I change profile information for that user in the development app, the changes are reflected in production app. This isn't what I want.
View 2 Replies
Aug 10, 2010
Previously, I have implemented two separate ASP.NET Web Applications, one as a virtual application in a subfolder of the other, which successfully shared forms authentication as described at [URL]
(basically, setting up identical <forms> sections in the Web.config, and keys in the <machineKey> section)
Now, I am trying to do something similar to get BlogEngine.NET (which is a Web Site, not a Web Application) to work sharing forms authentication with a Web Application of mine. I have tried both putting it as a virtual application in a subfolder, and setting it up as a separate IIS site (same domain name, different port number), but I can't get the authentication to work at all: when I go to the blog while logged in to my Web Application, Page.User.Identity.IsAuthenticated is always still "false".
I'm really not sure how to even start debugging this, since the forms authentication is handled before any of my code runs.
[Code]....
View 1 Replies
Nov 4, 2010
We have multiple applications written in 3.5 SP1. Our new application is being written in 4.0. They all reside inside the same domain, and all the other applications share the forms authentication security ticket by setting a machine key, and setting the Name of the forms tag.
Authentication in each application still works, HOWEVER:
* In the 4.0 app, if you log in, and then go to one of the 3.5 apps you are not logged in
* If you log into the 3.5 app, you are not logged into the 4.0 app, but you are logged into all the 3.5 apps
* If you log into the 4.0 app, you are LOGGED out of the 3.5 app even if you were logged in before.
The <machinekey> tag is there and set the same in all apps
The <forms> tag is set up the same in each app except for the LoginURL
The <membership> and <rolemanager> tags are also set up the same in all apps
Is this possible between frameworks? If so, do I need to do something differently? I really would like to avoid porting all the other apps to 4.0, or porting this down to 3.5
View 1 Replies
Dec 1, 2010
I see on the bottom of blog pages a sharing buttons (Twitter and Facebook), where if clicked the link behind (which is normally the blog page url) the fshare button takes the clicker to the blog site facebook page respectively.
How does one do this in asp.net 2 , does one one use the <%# %> in the url part of these share buttons, are there any examples of how this is done?
View 8 Replies
Sep 17, 2010
Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
View 3 Replies
Aug 2, 2010
So we have been using the same login gode to connect to various domains in asp.net, with and without MVC. The code works. We have a new server, first one to run server 2008 r2, set up with a directory structure similar to one of the ones that has been working. Using forms authentication, I set up in the web.config
<add name="ADConnectionString" connectionString="LDAP://10.1.XXX.XXX"/>
and
<!--<authentication mode="Windows" />-->
<membership defaultProvider="MyADMembershipProvider" >
<providers >
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="XXXXBrown.Eric"
connectionPassword="XXXX"
connectionProtection="None"
/>
</providers>
</membership>
It connects to build the membership provider just fine, but when I tryto use the exact same username and password to login on the forms login page (the stock asp.net stuff) it fails to login. same user, same password that's being used to connect with the membership provider. If I change the password in the web.config, I get an error that it's incorrect, so I know that the membership provider is getting connected with those credentials. What I can't figure out is why can't I use the same credentials to login? I've checked:
The user is not locked.
the user is not set to change password on next logon.
The user is not expired.
View 1 Replies
Jun 15, 2010
I want to redirect different domains which I have to my newly created website using dotnetnuke. As it is currently working on this site [URL](when user type thescripts.com it redirects user to [URL]
View 2 Replies
Feb 26, 2011
Question, I have a few asp.net c# projects... but I only use one webhosting to host all the projects. My question is,
Is it possible for me to register like 2 domains and point each domain to 2 projects within that web host?
For example:
Http://mysite1.com will point to the "../project1/default.aspx"
http://mysite2.com will point to the "../project2/default.aspx"
View 7 Replies
Apr 21, 2010
So I know you can share your cookies across subdomains eg. staging.mysite.com and www.mysite.com etc by setting the domain of the cookies to ".mysite.com"
BUT, is there a way to share across all the sub domains EXCEPT one. e.g. the cookies will not persist on images.mysite.com?
View 1 Replies
May 6, 2010
I have a website which has two domains added. Both domains point to the root of the website. Is it possible to alter the robots.txt so that one of the domains doesn't get crawled, while the other still does?
View 1 Replies
Oct 15, 2010
I have an ASP.NET app running on a webserver. A third party is created another app in PHP which needs to send data to my app for processing. Initially it was assumed that the PHP app would be deployed elsewhere so we agreed that the communication would occur over the internet via HTTP (over SSL). My app would simply use a generic handler (ashx) file to recieve the data and send confirmation back.
Now it seems that the PHP app might be deployed on the same machine as my app. I like the fact that using HTTP (as opposed to say direct database access), the PHP app needs to know nothing at all about how my app works. But using the public internet seems silly for communication between two apps on the same machine. If the PHP app simply used a localhost address, would this ensure that all the data stays within the machine? Is there a better way to do this?
View 4 Replies
Jan 17, 2011
I'm starting to plan an architecture for a big web application, and I wanted to get suggestions and/or recommendations on where to begin and which technologies and/or frameworks to use.The application will be an Intranet-based web site using Windows authentication, running on IIS and using SQL Server and ASP.NET. It'll need to be structured as a main/shell application with sub-applications that are "pluggable" based on some configuration settings.
View 3 Replies
Jun 18, 2010
I'm starting to think about and develop an architecture for a big web application, and I wanted to get suggestions and/or recommendations on which technologies and/or frameworks to use.The application will be an Intranet-based web site using Windows authentication, running on IIS and using ASP.NET. It'll need to be structured as a main web application with sub-web applications. Essentially, the entire scope is a composite browser-based, Intranet application that is composed of discrete, functionally complete modules or sub-applications.
View 2 Replies