
ASP.NET Authentication - One login system for multiple apps

We have a server with let's say 5-10 internal ASP.NET (MVC) applications running in separate application pools as separate websites (on different ports and/or subdomains). I know nothing about the built-in ASP.NET authentication framework, so I was wondering if anyone could drop me a quick pointer in the right direction...

I want to secure all of the internal apps via one login mechanism (supporting 3-5 different roles; nothing complex). This login system would be another app/website running on the server, and to gain access to any other app, one must have authenticated via the one login system and the target app must be able to see the user's role. The internal apps will be modified at the code level to plug into this new login system (in other words, we'll modify the current apps to support the authentication).

The whole point of this is that I don't want each app to have its own login/authentication mechanism, but rather use a more "global" authentication system (everything on the same server). I am not looking for anything complex (just a company of 15-25 employees, 3-5 departments - each user must be associated with a department (role) based on their login - and each app will be tuned to show the user the appropriate data based on his role).

The question is - how do I make it so that a user's authentication status is visible across all of the different apps (in different assemblies and running separately)?

Do I need to use Forms authentication? Or something in Spring.NET?

Ruslan asked Mar 04 '11 01:03


1 Answer

Single sign-on is relatively easy to achieve within a subdomain or second-level domain. ASP.NET Forms Authentication is a ticket-based system where the ticket is stored encrypted in a cookie. What you must achieve is to enable your web apps to share this cookie.

For a subdomain scenario (e.g. mysite.com/app1, mysite.com/app2), just set the encryption/decryption keys to be the same in machinekey setting in web.config files.

For a second-level domain scenario (e.g. app1.mysite.com, app2.mysite.com), in addition to the above, you need to make some code change to force all authentication cookies to use the same top level domain (e.g. mysite.com).

muratgu answered Oct 22 '22 19:10
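
A web.config sketch of the shared-cookie setup described in the answer above, as an added example that is not part of the original answer. It assumes .NET 4 or later, sets the cookie domain through the `domain` attribute of `<forms>` rather than in code, and uses a hypothetical login host `login.mysite.com`; the key values are placeholders.

```xml
<!-- Added example: place the same <machineKey> and <forms> settings in the
     web.config of the login app and of every internal app. -->
<configuration>
  <system.web>
    <!-- The default is "AutoGenerate,IsolateApps" for both keys: each
         application derives its own keys, so a ticket issued by one app
         fails validation in every other app. Explicit, identical keys
         let all apps validate and decrypt the same ticket. -->
    <machineKey
      validationKey="PLACEHOLDER_HEX_VALIDATION_KEY"
      decryptionKey="PLACEHOLDER_HEX_DECRYPTION_KEY"
      validation="HMACSHA256"
      decryption="AES" />

    <authentication mode="Forms">
      <!-- name, domain, path and protection must match in every app so
           they all read and write the same cookie.
           domain="mysite.com" makes the browser send the cookie to
           app1.mysite.com, app2.mysite.com and so on.
           loginUrl is a hypothetical address for the central login app.
           requireSSL keeps the ticket off plain-HTTP requests.
           enableCrossAppRedirects allows the redirect back to the app
           the user originally requested after logging in. -->
      <forms name=".ASPXAUTH"
             loginUrl="https://login.mysite.com/Account/LogOn"
             domain="mysite.com"
             path="/"
             protection="All"
             requireSSL="true"
             enableCrossAppRedirects="true"
             timeout="30"
             slidingExpiration="true" />
    </authentication>
  </system.web>
</configuration>
```

Anyone who holds the two machineKey values can forge a valid ticket for any user, so generate them with a cryptographic random number generator and keep them out of source control.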