Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Sharing authentication between two web applications

Tags:

iis-7

forms-authentication

shared

I have a base web site (Asp.net WebForms application) running under ie.

http://localhost:90/

Then I created a new (this time Asp.net MVC) application and added it under

http://localhost:90/mvc/

but not just as a simple virtual folder, but as an application folder by defining a different application pool to run it, compared to the parent application.

Since browsers can't know that there are two different application basically on the same domain it would work like:

  1. user accesses http://localhost:90/
  2. parent app redirects the user to forms authentication screen
  3. user successfully logs in
  4. parent web adds an authentication cookie
  5. user accesses http://localhost:90/mvc
  6. browser attaches the same cookie from parent app

Is it possible that I authenticate the user based on this same cookie? I would configure my MVC application to login redirect to parent app to have a shared authentication screen. But I'd like to know who authenticated and work from that point on.

I've read something about sharing the same system.web/machineKey values to provide this kind of functionality, but I would like some real world examples.

I'm aware that these two applications will not be able to share Session state and that's not a problem, because I don't want them to. All I want is a kind of single login (SSO/SSS)

Is this possible? How?

Important

I've read other questions/answers about this, but they are either asking about cross-domain/cross-server etc. This one is on the same IIS web site.

like image 284
Robert Koritnik Avatar asked Oct 27 '10 16:10

Robert Koritnik

2 Answers

I found it myself.

This is the article on MSDN that talks exactly about this scenario. I decided to keep this question anyway for anyone that would be chasing the same information some time later.

MSDN: Forms Authentication Across Applications

In brief

You have to configure machine keys in web.config of both applications so they match hence they'll be able to decode data that the other party generated. And that's the whole trick. MSDN article explains this in great detail including how to generate those keys.

like image 71
Robert Koritnik Avatar answered Sep 18 '22 15:09

Robert Koritnik

If in case anyone is still not able to share the keys use compatibilityMode="Framework20SP1"

<machineKey validationKey="same key all over"              decryptionKey="same key all over"              validation="SHA1" decryption="AES"             compatibilityMode="Framework20SP1"/>
like image 32
Syed Umar Ahmed Avatar answered Sep 20 '22 15:09

Syed Umar Ahmed
Sign in to Comment

Related questions

How do I upload large (> 25MB) files to a web service?
IIS reverse proxy with rewrites can't handle a redirect from the server we proxy to
iis windows authentication is missing at windows 10 (ASP.NET Visual Studio 2015)
Writing to an event log in ASP.NET on Windows Server 2008 IIS7
Renaming applications in IIS 7.0
How do I enable upload of large files in classic ASP on IIS 7?
Separate config file for sections of web.config
Wildcard subdomains in IIS7. Is it possible to make them like it is in Apache?
How to programmatically get sites list and virtual dirs in IIS 7?
Nested ASP.NET 'application' within IIS inheriting parent config values?
Bug in MVC3 - requests never time out. Works fine for aspx pages in same project
Checkbox not visible on nodes of TreeView control when deployed in IIS
IIS 7 Log Request Body
What is the difference between httpCompression and urlCompression?
IIS 7 SSL for multiple sites with a single IP
Separate application pools for ASP.net applications in IIS
Powershell New-WebApplication
How do you debug classic ASP?
why does IIS7 static/dynamic compression only work for 200 responses?
Getting 404.0 error for ASP.NET MVC 3 app on IIS 7.0 / Windows Server 2008

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!