RE: Authentication from another Application on server
From: Mike Moore [MS] (michmo@online.microsoft.com)
Date: 08/19/02
- Next message: Mike Moore [MS]: "Re: Creating a process in ASP.NET and checking TotalProcessorTime"
- Previous message: Kenneth Courville: "Web forms and Active Directory role-based content"
- In reply to: Shane: "RE: Authentication from another Application on server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: michmo@online.microsoft.com (Mike Moore [MS]) Date: Mon, 19 Aug 2002 21:40:43 GMT
Hi,
QUESTION
I have two web applications which both use forms authentication. I would
like for one of them to recognize visitors who have already been
authenticated to the other and not force them to re-authenticate. I'd like
this information for two scenarios. One where both web apps are on the same
server and also where they're on different servers.
ANSWER
There are several steps involved, but this can be done, provided that the
end user's browser settings allow it.
1) Same server
It's not so much a matter of them being on the same server as being part of
the same web site. Suppose you have two web sites on one server:
www.Site1.com and www.Site2.com. Because these are different web sites,
they might as well be on different servers as far as the end user is
concerned. Therefore, see the separate servers answer for this situation.
However, suppose you have two web applications in the same web site:
www.MySite.com/accounting and www.MySite/sales. In this case, you can
arrange for both sites to use the same cookie. Please see these articles:
Q313116 PRB: Forms Authentication Requests Are Not Directed to loginUrl
http://support.microsoft.com/support/kb/articles/q313/1/16.asp
Q313091 HOW TO: Create Keys with VB .NET for Use in Forms Authentication
http://support.microsoft.com/support/kb/articles/q313/0/91.asp
Both of these describe aspects of arranging for the same cookie to be used
by both web applications within the same web site.
2) Different servers
(All solutions for different servers are also valid for same server)
If the end user's browser allows you to set "Third Party Cookies", then
your site can set a cookie for use by your other site. When the user
browses your other site, the login page detects this cookie and passes them
along with FormsAuthentication.RedirectFromLoginPage.
Here's an example of this method (setting a third party cookie). As
described in the two articles above, you can set the machineKey -
validationKey in both web applications to be the same. Then the one cookie
will validate both web sites. Unfortunately, this cookie can only be read
by the site (or domain) that sets it. So, you need to set it twice - once
for each site. The site that the end user is visiting is a first-party
cookie and the other one is a third party cookie.
* OR *
Suppose you don't want the same authentication cookie on both servers.
Well, you still need some way to identify the end user. After he
authenticates on one site and then visits the other site, your server has
to recognize him. Once again, this means the first site needs to put a
third party cookie on the end user's machine. However, it doesn't have to
be the same cookie as the authentication cookie. It can be anything you
wish. Then, your login page on your second site must detect this cookie and
give the user a forms authentication cookie for this second site.
Thank you, Mike Moore
Microsoft, ASP.NET
This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Mike Moore [MS]: "Re: Creating a process in ASP.NET and checking TotalProcessorTime"
- Previous message: Kenneth Courville: "Web forms and Active Directory role-based content"
- In reply to: Shane: "RE: Authentication from another Application on server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
