C# - .NET Cross-Sub-Domain Single Sign-On Cookies
Oct 28, 2010
I have a Single Sign-on solution which is working great in our test environment. It uses Cross-Sub-Domain cookies to share the authentication ticket between 2 web applications. Sign-on is done only on one of the applications and on the second site the user is authenticated by the cookie created by the first site.The problem is that when I roll it into the production environment the single sign-on no longer works. I'm looking for any ideas on why this might be. More details below:1) Both apps are implemented using ASP.NET MVC2
[code]...
View 1 Replies
Similar Messages:
Feb 16, 2011
m using visual studio 2008.my requirement is to implement single sign on across many domains without using cookies. is this possible?for example, i have 3 domains (hosted in 3 different systems).[URL]i implemented single sign on with cookies, if the sites are hosted in single system then it is working. but it doesnt work if cookies are disabled.i tried all made all possible google searches, but couldnt find anything useful.
View 2 Replies
Mar 3, 2010
I have integrated Third party advertise module in my website. their domain s "http://rotator.adjuggler.com/".they read cookie from this domain and display advertise based on cookies value. now I want to set cookies on this domain from my website.though this is not possible. they have provided url to set cookies.http://rotator.adjuggler.com/servlet/cookie?action=set&name=test&value=1&maxage=2592000we can set cookies on their doemain by calling above ur.Problem:1) we can't make xmlHttp request because this is cross-doamin link.2) we can't use jquery because it uses xmlHttp as native implementation.3) i have tried to set above url in <img src="..." > and <script src="...">. both not working.but when i paste above url in address bar it works.can anybody have idea how to call above url from Code.
View 2 Replies
Aug 23, 2010
How can I use a Guid for implementing single sign on the same domain? I can't use sessions as the different web apps would open in new windows hence loosing the session.
Technology used: ASP.net 3.5, MVC2 architecture, C#.
View 1 Replies
Jul 28, 2010
I have a main domain "mydomain.com" and then a sub domain "forums.mydomain.com". If a user visits "forums.mydomain.com" without being logged in, they are redirected to "mydomain.com/login.aspx".
The two scenarios are:
If they are redirected to the login page with "mydomain.com/login.aspx?ReturnUrl=http://forums.mydomain.com", then they are succesfully logged into the forums but NOT the main site.
If they are simply redirected to the login page with "mydomain.com/login.aspx" with no returnUrl, they are correctly logged into both the main site and the forums.
View 2 Replies
Mar 15, 2011
I have developed an web application which use cookies to store data. I need to clear cookies on sign out from application.I am new to asp.net. How can i clear cookies.
View 3 Replies
Apr 28, 2010
EDIT: At first I thought it wasn't working cross domain at all, now I realize it only works in IE. I'm using jQuery to call a web service (ASP.NET .axmx), and trying to us jsonp so that I can call it across different sites. Right now it is working ONLY in IE, but not in Firefox, Chrome, Safari. Also, in IE, a dialog pops up warning "This page is accessing information that is not under its control..."
$.ajax({
type: "POST",
[URL],
dataType: "jsonp",
success: function(data) {
alert(data.prop1);
},
error: function(XMLHttpRequest, textStatus, errorThrown) {
alert(XMLHttpRequest.status + " " + textStatus + " " + errorThrown);
}
});
And the server code is:
[ScriptService]
public class TestService : System.Web.Services.WebService{
[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Json)]
public void HelloWorld() {
string jsoncallback = HttpContext.Current.Request["jsonp"];
var response = string.Format("{0}({1});", jsoncallback, @"{'prop1' : '" + DateTime.Now.ToString() + "'}");
HttpContext.Current.Response.Write(response);
}
}
View 2 Replies
May 18, 2010
I need to validate a coming request where form is being submitted from the another domain to my website,
Like
[URL]
Remote site:
[URL]
Now this submit.aspx form get submitted to my website,
how to validate on [URL] that request is coming from [URL] only.
View 2 Replies
Mar 29, 2011
I am trying out jsonp with jQuery. I found many examples on the web and I believe my code is correct, but its still not working for me.
My web service:
using System.Web;
using System.Web.Script.Services;
using System.Web.Services;
using System.Web.Script.Serialization;..........
Firebug shows this is a success, but I am getting null from the alert. I have my webservice in iis7 locally and I am testing through my debug in my client project.
I need to get cross-domain working.
View 2 Replies
May 5, 2010
I´m using mvc futures 2 with WebApiEnabled for XML and JSON support. But due to cross domain issues with jQuery $.ajax I´m lookin in to JSONP. Is there a simple way to extend futures rest function for JSONP or should I do something else.
View 1 Replies
Jan 21, 2010
There are two web applications App1 & App2. A user would submit his information on App1 though a form. On click of a specific button/link on App1, the same data should be posted to a page on App2 and the user should also be redirected to the same page on App2.I would like some help in finding out the best way to implement this functionality.
One of the approaches that I have already tried out is by creating a temporary HTML form at runtime, setting the action attribute of the form to the App2 Page and get the form posted by using javascript submit. The data can then be fetched on App2 page by using the response.form object.This approach works well, but i was still wondering if there is any other way to implement the required functionality.
give some insights on using RESTful webservices to implement this, or else, using some HttpModule to intercept requests at App1 and modify redirect response to app2 or any other approach that you might find fit for the purpose.
Edit: Using querystring isnt an option for me.
View 6 Replies
Feb 7, 2011
How to solve the Cross domain issue using webservices?
View 4 Replies
Sep 1, 2010
This is a followup question to the one here
Here's briefly what I am trying to do. The File server creates a text file to indicate an end of the process. On a webpage on the Web Server, I loop every x seconds and make an ajax request to find out if the test file exists (ajax request to [URL]
I've tried the following approaches so far:
Trigger a web method from the client side that creates a HttpContext object to verify if the text file exists. But this is too strenous on the server and I started getting all kinds of exceptions in the Event Viewer.
View 3 Replies
Mar 15, 2010
I realized that IE8 does not allow links from cross domains to be displayed in IFrame.
It seems like there are only two Header options that Microsoft allows to modify.
X-FRAME-OPTIONS : "DENY" (This does not display any IFrame content )
X-FRAME-OPTIONS : "SAMEORIGIN" (Displays content from the same domain)
Is there a work around to allow content from other domains to be displayed?
View 1 Replies
Jan 20, 2010
How can I get a user's geolocation information (City and Country - internet service provider and internet speed would also be great) based on their IP address?
I've searched and found several tools for doing this but I seem to run into problems using them with asp.net mvc. Many of them relate to using json and the "security risk" involved in cross domain ajax calls.
View 1 Replies
Nov 15, 2010
UPDATE1:
here is what i am getting when i copy and paste the service url in the IE browser:
[Code]....
View 5 Replies
Feb 17, 2011
Is there any way to get an iframe current URL after it had been changed when the user has clicked a linked inside the iframe. I am talking about cross-domain iframe. If not, is their any web browser control for ASP.net that can give me the URL of that the user is currently browsing?
View 2 Replies
Feb 22, 2011
I wont to restrict my web service only for few domains.
I wont to have access to web service from using ajax and my page, and I don't want that anybody can create client to my WebService and view my web service methods.
View 4 Replies
Nov 16, 2010
We have a lot of domains running on one IIS WebSite/AppPool.
Right now we are in the process of implementing SSO with Windows Identity Foundation.
in web.config the realm has to be set with
<wsFederation passiveRedirectEnabled="true" issuer="http://issuer.com" realm="http://realm.com" requireHttps="false" />
My problem is that the realm is dependent on which domain the user accessed the website on so what I did is that I set it in an global action filter like this
var module = context.HttpContext.ApplicationInstance.Modules["WSFederationAuthenticationModule"] as WSFederationAuthenticationModule;
module.Realm = "http://" + siteInfo.DomainName;
My question is. When I set the realm like this, is it set per user instance or application instance.
Scenario.
User A loads the page and the realm get set to domain.a.com.
User B is already logged in on domain.b.com and presses login.
Since user A loaded the page before User B pressed login, user A will hit the STS with the wrong realm set.
What will happen here?
If this is not the way to set the realm per user instance, is there another way to do it?
View 1 Replies
Nov 16, 2010
I am making a asynchronous request to different server for some data using jquery. It works fine in IE, but doesn't work in FireFox and Chrome, when it reaches the code where the request to other server is made, it freezes there and a blank page is shown. If I remove that piece of code, the ajax works fine.
Also, when I place a breakpoint at document.ready, the breakpoint is hit when debugging using IE, but it's not hit when debugging using FireFox.
Following is the JQuery I am using
jQuery(document).ready(function ($) {
$('.tabs a, .tabs span').livequery('click', function () {[code]....
View 1 Replies
Apr 22, 2010
I'm still new to windows authentication. Basically, we have a page on http://externalsite.com that needs to be accessed only by an authenticated user originating from http://internalsite. The user on internalsite is already authenticated using windows authentication.I'm confused here. How can I validate the user and obtain their role so that i can not only validate that they are authentic, but to authorize them to use this page on externalsite.com?
View 2 Replies
Feb 4, 2010
I have this polling script to check if a text file is created on the server. Works great locally, but fails when the file is on a different domain. How would i rewrite this for cross domain support?
$.ajax({
url: 'http://blah.mydomain.com/test.txt',
type: "GET",
success: function(result) {
//Success!
window.location.replace(Successful.aspx');
},
error: function(request, status, error) {
setTimeout("VerifyStatus(" + pollingInterval + ")");
}
});
EDIT: I ended up using YQL to solve the cross domain issue and although it works, YQL is really slow that's adding quite a bit of performance overhead. Can anyone suggest a better solution for cross domain JQuery calls?
View 3 Replies
Mar 10, 2010
I am browsing the page (http://jessie.mydomain.com/), then i click the Logout button in this page, it will be logout successful but it will not redirect to the page (http://www.mydomain.com/Default.aspx), it will show (http://jessie.mydomain.com/Default.aspx).
(1) In master page,
[Code]....
[Code]....
View 3 Replies
Aug 20, 2010
Here is what I want to do: I have a local site in which I want to display data from a remote site
Lets say: I want to display data of http://www.abc.com/Default.aspx on my localhost
Now Default.aspx requires some post-data which it sends to itself. Thus the __viewstate and __eventvalidation are posted back to it by itself. I want to directly post the data to Default.aspx from localhost without opening Default.aspx and display the Default.aspx's response on my localhost.
The WebApp on http://www.abc.com is configured for __eventvalidation i.e. I cannot post-data to it from my localhost without getting a __viewstate from it. I also have to post the current __viewstate of http://www.abc.com/Default.aspx to itself
View 6 Replies
Aug 30, 2010
I have basic Single Sign-On working across 2 MVC sites (call them SiteA and SiteB) using something along the lines of the following method:http://forums.asp.net/p/1023838/2614630.aspxThey are on sub-domains of the same domain and share hashencryption keys etc in web.config. I've modified the cookie so it is accessible to all Sites on the same domain. All of this seems to be working ok.The sites are on separate servers without access to the same SQL database, so only SiteA actually holds the user login details. SiteB has a membership database, but with empty users.This works fine for my required scenario which is:1) User logs into SiteA2) The application loads data from SiteA (by AJAX) and SiteB (by AJAX using JSONP)I have the following LogOn Action on my AccountController for SiteA, which is where the "magic" happens:
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
[code]...
View 2 Replies