C# - Share Session Between Domain And Sub-domain?
May 4, 2010
We're doing a whitelabelled version of our site, which will be hosted at foo.ourdomain.com.
However we need to ensure session is maintained between www.ourdomain.com and foo.ourdomain.com, as our SSL certificate only covers the main domain.
In practice this means we'll swap to the main domain on our payment pages, which run HTTPS, and then redirect back to the subdomain, after payment.
So the question is: How do we maintain the session when doing so ?
I've tried with <httpCookies domain=".ourdomain.com" /> in web.config to no avail :-(
Edit: Figured it out now, I lacked domain on my <forms /> tag to handle login properly.
View 1 Replies
Similar Messages:
Feb 17, 2011
I have also installed SSL on a subdomain. I have put payment page under this sub domain.
View 4 Replies
Mar 8, 2010
I have two websites (domain and subdomain), something like this: www.website.ro and en.website.ro and I am trying to share a cookie between them. I have set the cookie domain to "website.ro", I tried setting it to ".website.ro", but it doesn't work. I can only read the cookie in the website that created it.
View 5 Replies
Apr 23, 2010
I've been researching and I've spent pratically all day on this. Here's my issue. The website uses forms authentication that we authenticate against active directory. I've been attempting to access files we have on a network share and push them down to the user (when they request them) in an http response. I keep getting "Access to the path <unc path> is denied".
Here's the code:
[Code]....
Things I've tried:1) When I add the "Computer" to the permissions of the folder it works and I dont even need to emulate a user (essentially just commenting out this code), but I'm not sure we want to explicitly give the computer access to some of our network shares 2) I've verified it's the correct username and password for the active directory account and that they have permissions on these network shares 3) I've fooled around with the WebProxy class with no luck (as I'm not entirely familiar with it) 4) I've tried impersonating the user by creating a windows token and passing the token as credentials (i've done this with similar websites) with no luck, plus this seemed a bit complicated for something I figured would be relatively easy.Its almost as if, the WebClient class isn't even using the credentials i've passed it.We've got it working now, but only by giving the "Computer" specific permissions on the network shares, which we'd like to avoid.
View 1 Replies
Sep 28, 2010
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
View 1 Replies
Aug 3, 2010
We have a ASP.NET site that partially depends on forms authentication for login credentials, however the implementation of IPrincipal is completely custom.
But, when running the site on a particular server (which is somewhat semi-hardened when it comes to security), the app crashes when invoking IPrincipal.IsInRole() with the following messsage:
System.SystemException: The trust relationship between the primary domain and the trusted domain failed.
This indicates a communication error between the web-server and the DC, however since our application doesn't at all utilizes Windows authentication, I don't see why it needs to communicate with the DC.
This is my implementation:
[code]...
EDIT:
I was finally enable to reproduce this error on my dev-machine (i revoked my machine from the DC yesterday, but didn't reproduce it until today)
HttpContext.User is actually a WindowsPrincipal by default it seems, and the error in my code was that I only replace it with CustomPrincipal upon login. Hence, unathenticated users still get the WindowsPrincipal which then fails horribly if you have trust issues on your AD.
I tried changing the default principal by invoking this on appstart
AppDomain.CurrentDomain.SetPrincipalPolicy( PrincipalPolicy.NoPrincipal);
But this doesn't seem to kick in. How do I change the default Principal in ASP.NET?
View 1 Replies
Aug 16, 2010
Im returning the username from sharepoint site as a string. This is done successfully with the below code but I also get the domain with it. How can I only return the username and not the domain either through sharepoint or programmatically removing it? domain/username
[Code]....
View 3 Replies
Sep 28, 2010
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
View 2 Replies
Jul 28, 2010
I have two domain servers X and Y.My Asp.net Web application is hosted on Domain X.But my scope is required to authorize the user of Domain Y on the Web application hosted on Domain X server.I am using Windows Authetication mode in application
View 2 Replies
Jul 28, 2010
I have a main domain "mydomain.com" and then a sub domain "forums.mydomain.com". If a user visits "forums.mydomain.com" without being logged in, they are redirected to "mydomain.com/login.aspx".
The two scenarios are:
If they are redirected to the login page with "mydomain.com/login.aspx?ReturnUrl=http://forums.mydomain.com", then they are succesfully logged into the forums but NOT the main site.
If they are simply redirected to the login page with "mydomain.com/login.aspx" with no returnUrl, they are correctly logged into both the main site and the forums.
View 2 Replies
Jul 23, 2010
I have a domain: http://www.mydomain.com. This domain is redirected to http://mydomain.anotherDomain.com.
I user forms authorization, so when the user navigates to Default.aspx he is redirected to Login.aspx. Pretty standard stuff.
On FireFox the user can log in on both on http://www.mydomain.com and http://mydomain.anotherDomain.com.
But with Explorer http://www.mydomain.com doesn't work. I only get the Login.aspx page.
Can it have anything to do with that on http://www.mydomain.com I can't see the filename ('Default.aspx', 'Login.aspx')? How can I enable so the filename is included in the redirected domain?
View 3 Replies
Jan 27, 2011
I have an intranet web application. There are 2 user groups, group A belongs to the domain and group B does not. If I set the IIS to enable anonymous access, Request.ServerVariables("LOGON_USER") always return nothing. If I disable anonymous access and set Integrated Windows authenication, a Windows login prompt will come up if group B's users want to access the website.
How can I setup IIS so that when domain user access the website, it will direct to the main page with Session("user_name") = Request.ServerVariables("LOGON_USER"). If a user is not a domain user, the website will direct him/her to a login.aspx instead of having the Windows authenication prompt, then set Session("user_name") = txtUserName.Text, and finally redirect to the website main page ?
View 2 Replies
Oct 13, 2010
is it possible to remove Main Domain cookie from Sub Domain ?I am using single sign on .On logout i want to remove the maindomain cookie
View 2 Replies
Apr 12, 2010
We have a website for our company on one domain and we have a login form to a webmail solution on another domain.Now i would like to build a form on our website the transfers the request to the login form on the webmail domain and automatically validate the user if user and pass are correct.Need help to find the correct way of doing this. The domains is hosted by our company, the website and webmail is on different servers. I don't want to use the querystring,
View 3 Replies
Aug 30, 2010
The following code works as it was originally designed to move a file from one directory to another directory on the same server, but I need to change it to work so it will move a file from one server to another server. My challenge is how to define the source directory on a different server and check if file exists.
Code behind:
Protected Sub btnSubmit_Click(ByVal sender
As Object, ByVal e As System.EventArgs)
Handles btnSubmit.Click
[Code]....
View 2 Replies
Jan 21, 2010
could i use the begin request of Global.asax to redirect everything, from mydomain. domain to www.mydomain.domain?
View 1 Replies
Aug 24, 2010
I've got an Search Engine Optimisation problem where users are able to access my site by specifying any sub-domain. This is causing duplicate page issues with SEO.For example if a user mis-types 'www' then posts a link on a forum, google is crawling 'wwww.domain.com'. Furthermore, google is also crawling 'domain.com'.I need a way of forcing the site to always redirect to 'www.domain.com' regardless of how the user accesses the site.
View 4 Replies
Mar 8, 2010
I'm trying to use sub-domains in my ASP.NET website but I'm coming across a few problems with the session being reset.
I've edited my hosts file to have 'localhost', 'one.localhost' and 'two.localhost'. I can go to any of these URLs and do what I need to do and login to my system. The session mode is defined as follows in the web.config:
<sessionState cookieless="false" mode="SQLServer" timeout="300"
sqlConnectionString="Data Source=MyDatabase;user id=User1;password=pass"/>
I'm using SQLServer as the website will be ran as a webfarm.
What I'm finding is when I click something that causes a postback all the session is lost and a new session id is created, when this occurs my website is now 'localhost' rather than the logged in 'one.localhost' for example.
View 2 Replies
Jan 19, 2010
I've got a session/coockie from a phpbb forum. But i use in the website asp.net (the website has a different url and domain then the forum).
Can i get the session/coockie from the phpbb forum in the asp.net website?
View 1 Replies
Apr 18, 2010
I'm building a payment page in asp.net, however the page where you order your items is run in HTTP (non-secure) on my domain.
When redirecting the user to the payment site, I have to go through a different domain (my payment provider, from whom I borrow the SSL certificate), so my payment url ends up like [URL]
Now the problem is my session is lost, but I store the order in session, so I desperately needs it.
Can I somehow send the SessionID in querystring, and restore the session from it - or do I need to stuff the entire order into querystring ? (Not too certain it'll fit though, it's rather long)
View 2 Replies
Dec 7, 2012
how can i maintain session between domain and subdomains.
i have a master page in my domain say [URL] which collects username and then i redirect it to subdomain.mydomain.com, then how can i retrieve the value from the session in the subdomain Master page.
View 1 Replies
May 24, 2010
I have multiple sites with main and subdomain. all doing one same method for the login. login is done with the multi domain cookie but there is problem with the logout. I'm using cookie and session for that state.
When ever I logout form the any domain. I should logout form the all domain.
(Like yahoo or google)
As per my method , My all domain have logout page which has code
[Code]....
and main site(www.domain.com) have
[Code]....
So what can I change in this code to do the Logout process for the all subdomains.
View 3 Replies
May 17, 2010
actually i got confused in session object,view state,application domain, can u tell me where i have to use these object. can u define some sort of condition in which session object must used & view state must used & diffrence of thses object where we can only use session & where i we can only use view state
View 2 Replies
Jul 14, 2010
I have 2 applications App1 and App2 on same domain, both with Forms authentication, each using a different database instance for authentication.
First, I open a browser with application www.mydomain.com/App1 and log on.
After that, when I open another instance of the same browser with application www.mydomain.com/App2 and log on, first browser loses session and goes back to login page.
I need each application on same domain to have its own session so that both can stay logged on.
View 2 Replies
Jan 21, 2011
I am trying to achieve a SSO implimentation across my websites so i am using the machine key attribute to do so.now the trouble starts here as the website the user logs in is on the .net 1.1 framework and the website it it navigating to is .net 4.0.I have share the same machine-key across both the application . It works fine in my testing environment but as i move to the deployment server ,it just dosent work !So what i could do is read this article on MSDN :
http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
this tells me to add a domin attribute like below
<forms loginUrl="~Login.aspx" defaultUrl="Default.aspx" protection="All" timeout="80" name=".ASPXAuth" domain="asbc.com"/>
but this thing just dosent work on the 1.1 application and throws an error Unrecognized attribute 'domain'.
Where do i get to mention the domin in my 1.1 application.?
View 3 Replies