RE: Sharing Authentication cookies between 1.0 and 1.1

From: Tian Min Huang (timhuang_at_online.microsoft.com)
Date: 07/25/03

• Next message: Robert Remen: "Running ASP.NET application from network share"
• Previous message: Peter Moberg: "Role empty in WindowsPrincipal"
• In reply to: Mike LeBlanc: "Sharing Authentication cookies between 1.0 and 1.1"
• Next in thread: Mike LeBlanc: "RE: Sharing Authentication cookies between 1.0 and 1.1"
• Reply: Mike LeBlanc: "RE: Sharing Authentication cookies between 1.0 and 1.1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 25 Jul 2003 07:09:14 GMT

Hi Mike,

In order to share the authentication cookie across your applications the
cookie path should be "/" (this is the default value if you don/t specify
it in the web.config files). The cookie name should also be the same in all
the applications. For instance, in the following example, I have 2
applications configured for Forms Authentication. Each of them has a
web.config file pointing to the "/LoginApp" application, where the user
will log in.

        -LoginApp
        -app1
        -app2

        The "/LoginApp" application contains the login.aspx page (see attached)
and the following web.config:
         << File: login.aspx >>
                        <configuration><system.web>
                              <authentication mode="Forms" >
                                <forms name="MyAuthCookie" >
                                   <credentials passwordFormat = "Clear">
                                        <user name="foo" password="bar" />
                                   </credentials>
                                </forms>
                              </authentication>
                        </system.web></configuration>

        Each of the applications "/app1" and "/app2" contains the following
web.config:

                        <configuration><system.web>
                              <authentication mode="Forms" >
                                <forms name="MyAuthCookie" loginUrl = "/LoginApp/login.aspx" >
                                </forms>
                              </authentication>
                              <authorization>
                                <deny users="?" />
                              </authorization>
                        </system.web></configuration>

If the user is authenticated after requesting the page
http://server/app1/t.aspx then he can access the second application
(http://server/app2/t.aspx) without having to authenticate himself again.

Hope this helps.

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C www.microsoft.com/security
This posting is provided Ħ°as isĦħ with no warranties and confers no rights.

---

• Next message: Robert Remen: "Running ASP.NET application from network share"
• Previous message: Peter Moberg: "Role empty in WindowsPrincipal"
• In reply to: Mike LeBlanc: "Sharing Authentication cookies between 1.0 and 1.1"
• Next in thread: Mike LeBlanc: "RE: Sharing Authentication cookies between 1.0 and 1.1"
• Reply: Mike LeBlanc: "RE: Sharing Authentication cookies between 1.0 and 1.1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: FormsAuthentication ReturnUrl - need it to be Absolute ... I understand you have multiple ASP.NET applications ... which are using forms authentication to protect the application. ... the forms authentication cookie across multiple applications, ... If the forms authentication cross site support doesn't suit your scenario. ... (microsoft.public.dotnet.framework.aspnet) RE: FormsAuthentication ReturnUrl - need it to be Absolute ... which are using forms authentication to protect the application. ... you're trying to make the applications share the same forms authentication ... the forms authentication cookie across multiple applications, ... If the forms authentication cross site support doesn't suit your scenario. ... (microsoft.public.dotnet.framework.aspnet) Re: Main form and login form in different folders using Forms Auth ... but I suppose that you could use Forms Authentication ... Having a cookie authenticate to two ... applications is as secure as having two seperate ones though. ... >> Even though the SubFolder is not a vdirectory, ... (microsoft.public.dotnet.framework.aspnet.security) RE: Authentication Ticket Persistance ... applications which both use forms authentication. ... web.config that points the login page to the login page of the second ... The second application has one button which gets the cookie, ... My sample worked fine if both web applications were on the same machine ... (microsoft.public.dotnet.framework.aspnet.security) RE: Forms authentication cookie handling question (C#) ... I also replaced all of my ticket authentication code with the ... // Username and or password not found in our database... ... LoginControl's default code logic to generate authentication cookie. ... (microsoft.public.dotnet.framework.aspnet)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)