Menu
I have 2 applications (one .NET and other Angular SPA (web services in .NET) with the same domain name. I need to enable SSO for these 2 applications. Both the web.config have the same machine key and they are enabled for Forms authentication mode.
I log in to the .NET site, I present the angular site in iFrame. When opening the iframe, the API call includes the .ASPXAUTH cookie in the request header but HttpContext.User.Identity.Authenticated is set to false. So it returns a 404 and redirects to the login page for the angular site within the iframe.
The auth cookie is HttpOnly so angular is unable to read it. But since the cookie is set in the request header,API (.NET) method should consider it as authenticated and it is not. Anything I am missing?
509
C programming language is a machine-independent programming language that is mainly used to create many types of applications and operating systems such as Windows, and other complicated programs such as the Oracle database, Git, Python interpreter, and games and is considered a programming foundation in the process of ...
In the real sense it has no meaning or full form. It was developed by Dennis Ritchie and Ken Thompson at AT&T bell Lab. First, they used to call it as B language then later they made some improvement into it and renamed it as C and its superscript as C++ which was invented by Dr. Stroustroupe.
C is a general-purpose language that most programmers learn before moving on to more complex languages. From Unix and Windows to Tic Tac Toe and Photoshop, several of the most commonly used applications today have been built on C. It is easy to learn because: A simple syntax with only 32 keywords.
The letter c was applied by French orthographists in the 12th century to represent the sound ts in English, and this sound developed into the simpler sibilant s.
There is some information lacking to be sure to answer this question correctly, but I think this has something to do with the same origin policy. You have to explicitly set the origin of the iFrame in order for your cookie to be not recognized as a cross site request. And therefore will not be applied by ASP.net. Your origin http header has to be set to a valid origin and referrer.
Please also take a look at this question. It explains the same-origin policy briefly.
179
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
