Re: Problems with form authentication
From: Martin (martinvalmont_at_yahoo.com)
Date: 09/25/03
- Next message: Johan Normén: "How to secure my VB.Net socket app?"
- Previous message: feng: "How to secure my VB.Net socket app?"
- Maybe in reply to: Martin: "Re: Problems with form authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Sep 2003 10:10:38 +0200
It doesn't change anything. Any other idea ?
"Fredrik Normén NSQUARED" <fnormen@hotmail.com> a écrit dans le message de
news:15a501c38277$59335000$a101280a@phx.gbl...
Try to change your authentication cookie domain
from ".mydomain.com" to "mydomain.com" or only "mydomain"
/Fredrik Normén NSQUARED2
>-----Original Message-----
>I'm experiencing some problems with role-based forms
authentication accross
>domain.
>I wanted to create an unique login page for multiple web
server running
>different applications.
>My first server is www.mydomain.com
>The second one is www1.mydomain.com
>The third one is www2.mydomain.com
>I made a login.aspx page on www.mydomain.com and set all
web.config so that
>the user is redirected to this unique page. All the
machineKey have been set
>to the same value on each server.
>The authentication cookie domain is ".mydomain.com" and
everything is
>working fine. When I log in on the first server, I can
navigate through each
>servers.
>My problem is that when I want to log off, I need to
delete the
>authentication cookie. The cookie is not persistent and
is set to expire
>after 20 minutes but i want to enforce the deletion. I
tried to use the
>FormsAuthentication.SignOut() Method but it would not
delete a cookie
>generated across the full domain (this method work fine
if I set my cookie
>domain to www.mydomain.com but then i can't share it
accross my
>applications). I tried to remove the cookie from the
request or from the
>response using Request.Cookies or Response.Cookies
collections but nothing
>happens.
>
>The only solution I found was to create a new
authentication cookie which
>domain is ".mydomain.com" and in which I store an non-
existent user with an
>incorrect role and to send it to the client. The
previous cookie seems to be
>overwrited and as the information stored in my
authentication cookie are
>irrelevant, the user is sent back to the login page. I
was wondering if
>there was any more satisfaying solution.
>
>Thanx for any help.
>
>Martin.
>
>
>.
>
- Next message: Johan Normén: "How to secure my VB.Net socket app?"
- Previous message: feng: "How to secure my VB.Net socket app?"
- Maybe in reply to: Martin: "Re: Problems with form authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
