C# Forms Authentication .ASPXAUTH Cookie for SSO

I have 2 applications (one .NET and the other an Angular SPA with web services in .NET) with the same domain name. I need to enable SSO for these 2 applications. Both web.config files have the same machine key and they are enabled for Forms authentication mode.

I log in to the .NET site and present the Angular site in an iframe. When opening the iframe, the API call includes the .ASPXAUTH cookie in the request header, but HttpContext.User.Identity.Authenticated is set to false. So it returns a 404 and redirects to the login page for the Angular site within the iframe.

The auth cookie is HttpOnly, so Angular is unable to read it. But since the cookie is set in the request header, the API (.NET) method should consider it as authenticated, and it is not. Is there anything I am missing?

Dave asked Dec 16 '15 18:12
1 Answer

There is some information lacking to be sure of answering this question correctly, but I think this has something to do with the same-origin policy. You have to explicitly set the origin of the iframe in order for your cookie not to be recognized as a cross-site request and therefore not be applied by ASP.NET. Your Origin HTTP header has to be set to a valid origin and referrer.

Please also take a look at this question. It explains the same-origin policy briefly.

Dibran answered Oct 04 '22 22:10
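The setup the question describes, two applications accepting one Forms authentication ticket, as an added web.config sketch that is not part of the original question or answer. It lists the settings that have to be identical in both applications for one to decrypt and validate the other's cookie. The key values, `loginUrl`, and `timeout` are placeholders; the cookie name is the one from the question.

```xml
<!-- Added example: place the same values in the web.config of BOTH applications. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name, protection and path must match exactly in each application.
           name is the cookie name; .ASPXAUTH is the one seen in the question. -->
      <forms name=".ASPXAUTH"
             loginUrl="~/login"
             protection="All"
             path="/"
             timeout="30" />
    </authentication>

    <!-- validationKey and decryptionKey must be explicit and identical.
         "AutoGenerate" gives each application its own keys, so a ticket
         issued by one cannot be validated by the other.
         The validation and decryption algorithms must match as well.
         If the applications target different .NET Framework versions,
         the compatibilityMode attribute must also resolve to the same
         value in both, or the ticket format differs. -->
    <machineKey validationKey="[PLACEHOLDER-SHARED-VALIDATION-KEY]"
                decryptionKey="[PLACEHOLDER-SHARED-DECRYPTION-KEY]"
                validation="HMACSHA256"
                decryption="AES" />
  </system.web>
</configuration>
```

When the cookie arrives in the request but the user is still unauthenticated, a mismatch in any of these attributes is worth ruling out, since a ticket that fails decryption or validation is treated the same as no ticket.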