AuthenticationForm - cookie cross site

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by bit on Stack Overflow See other posts from Stack Overflow or by bit
Published on 2012-09-03T18:52:18Z Indexed on 2012/09/03 21:38 UTC
Read the original article Hit count: 156

Filed under:
|
|

I've 2 web site, the first one myFirst.domain.com and the second one mySecondSite.domain.com.

They stay on two different web server and my goal is allow a cross site authentication (my real need is shared authenticationForm Cookie).

I've correctly setted web config (machine key node, forms node). The only different is about loginUrl where on myFirstSite appears like "~/login.aspx", instead on mySecondSite it appears like "http://myFirstSite.com/login.aspx".

Note that I've not a virtual directory, I've just 2 different web apps.

The problem: When I reach myFirstSite login page from mySecondSite I never get redirect from login page, it seems like if cookie doesn't being written.

The following is a few of snippet about the issue:

MyFirsSite:

 <machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES" />
        <authentication mode="Forms">
    <forms loginUrl="login.aspx" name="authCookie" enableCrossAppRedirects="true"></forms>
        </authentication>
        <authorization>
                              <deny users="?" />
            <allow users="*"/>
        </authorization>

MyFirstSite code behind:

 FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1, "userName..", DateTime.Now, DateTime.Now.AddMinutes(30), true, "roles..");

        string ticket = FormsAuthentication.Encrypt(fat);

        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticket);
        authCookie.Expires = fat.Expiration;
        authCookie.Domain = "myDomain.com";
        Response.Cookies.Add(authCookie);

// here other stuff about querystring checking in order to execute exact redirect, however it's not work, I always return on login page

MySecondSite:

<machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES"/>
        <authentication mode="Forms">
            <forms loginUrl="http://myFirstSite.domain.com/login.aspx?queryStringToIndicateUrlPage" enableCrossAppRedirects="true"></forms>
        </authentication>
        <authorization>

Well, that's all. Unfortunately it doesn't works. please, don't pay attention to "queryStringToIndicateUrlPage", it's only simple workaround in order to know whether I must redirect on the same app or on the another one.

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about ASP.NET

Related posts about forms-authentication

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle