RE: Sharing Authentication cookies between 1.0 and 1.1
From: Mike LeBlanc (mike_leblanc_at_stuller.com)
Date: 07/29/03
- Next message: Aadil Abbas: "How to impersonate the child process of an ASP.NET application"
- Previous message: Michal A. Valasek: "Re: Basic Forms Authentication question"
- In reply to: Tian Min Huang: "RE: Sharing Authentication cookies between 1.0 and 1.1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Jul 2003 10:29:44 -0700
Thanks for the reply but I already did that.
Both applications have their path set to "/" explicitly
and have the exact same cookie name. If I set both
applications to use 1.1 or 1.0 it works beautifully but if
one is 1.1 and the other is 1.0 it quits working.
The issue is actually resolved for me because I was able
to get the javascript bug Hotfix working finally.
(However it did introduce a new bug with Validator
controls that Microsoft is currently working on).
It's now a matter of curiosity...
Thanks,
Mike
>-----Original Message-----
>Hi Mike,
>
>In order to share the authentication cookie across your
applications the
>cookie path should be "/" (this is the default value if
you don/t specify
>it in the web.config files). The cookie name should also
be the same in all
>the applications. For instance, in the following example,
I have 2
>applications configured for Forms Authentication. Each of
them has a
>web.config file pointing to the "/LoginApp" application,
where the user
>will log in.
>
> -LoginApp
> -app1
> -app2
>
> The "/LoginApp" application contains the
login.aspx page (see attached)
>and the following web.config:
> << File: login.aspx >>
> <configuration><system.web>
> <authentication mode="Forms"
>
> <forms
name="MyAuthCookie" >
> <credentials
passwordFormat = "Clear">
> <user name="foo"
password="bar" />
> </credentials>
> </forms>
> </authentication>
> </system.web></configuration>
>
> Each of the applications "/app1" and "/app2"
contains the following
>web.config:
>
> <configuration><system.web>
> <authentication mode="Forms"
>
> <forms
name="MyAuthCookie" loginUrl = "/LoginApp/login.aspx" >
> </forms>
> </authentication>
> <authorization>
> <deny users="?" />
> </authorization>
> </system.web></configuration>
>
>If the user is authenticated after requesting the page
>http://server/app1/t.aspx then he can access the second
application
>(http://server/app2/t.aspx) without having to
authenticate himself again.
>
>Hope this helps.
>
>Regards,
>
>HuangTM
>Microsoft Online Partner Support
>MCSE/MCSD
>
>Get Secure! ¨C www.microsoft.com/security
>This posting is provided Ħ°as isĦħ with no warranties and
confers no rights.
>
>
>.
>
- Next message: Aadil Abbas: "How to impersonate the child process of an ASP.NET application"
- Previous message: Michal A. Valasek: "Re: Basic Forms Authentication question"
- In reply to: Tian Min Huang: "RE: Sharing Authentication cookies between 1.0 and 1.1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
