Re: Single signon (with FormsAuth) for mutliple web apps

From: Chris Jackson (chrisj_at_mvps.org)
Date: 09/25/03


Date: Thu, 25 Sep 2003 10:42:38 -0400


In terms of your code, both of your assemblies (one for each we application)
are completely separate. One assembly doesn't get to read from the other,
even though they are in the same App Domain. The ability to read the cookie
by both essentially serves as the cross-assembly communication mechanism
(visualize it as serving a similar function to named pipes); others are
available, but this is probably the easiest.

One solution I have implemented is to create a custom logon page that looks
for a cookie that indicates authentication. If I find a valid cookie, then I
go ahead and set up that user as authenticated and return to the page that
requested the authentication. If I don't, then I display the page as normal
and have them enter their user/pass.

-- 
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
-- 
"Brad" <nospam@co.lane.or.us> wrote in message
news:%23SiEhvtgDHA.3828@tk2msftngp13.phx.gbl...
> I'm working on single signon for multiple web apps on a single domain.  If
I
> authenticate in wepApp1 then I am authenticated in webApp2 however,
anywhere
> in the global.asax code of  webApp2 the following don't seem to be
> set/initialized:
>         Request.IsAuthenticated
>         User.Identity
>     The authentication cookie is available in webApp2's global.asax and
once
> a form is loaded (i.e. I'm on a pageload event)   the values of
> Request.IsAuthenticated and User.Identity are available.
>
> So why would the values of user identity and IsAuthenticated not be
> avaialble in the global.asax of webApp2?
>
>
> Thanks
>
>
> Brad
>
>
>


Relevant Pages

  • Re: Single signon (with FormsAuth) for mutliple web apps
    ... both of your assemblies ... for a cookie that indicates authentication. ... > authenticate in wepApp1 then I am authenticated in webApp2 however, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Forms authentication cookie handling question (C#)
    ... I also replaced all of my ticket authentication code with the ... // Username and or password not found in our database... ... LoginControl's default code logic to generate authentication cookie. ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: Forms Authentication
    ... The DNS entry for my domain was not set corrretly, ... This should have overcome the cookie ... authentication ticketis not correctly set to the domain your ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: Forms authentication cookie handling question (C#)
    ... programmatically generate forms authentication ticket and set it in ASP.NET ... You use the Login control's "Authentication" event to do the user ... LoginControl's default code logic to generate authentication cookie. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: authentication cookie vs session cookie
    ... level of using authentication cookies on the client machines. ... authentication cookie on a manager's machine is stolen and used on a client ... > session variables as it relies on the session cookie that ASP.NET sends to ...
    (microsoft.public.dotnet.framework.aspnet.security)