Here is our problem. We have built an MVC Web-api that uses Forms authentication with cookies to handle sessions. When we use our front-end webpage on the same domain (localhost or web-server) as the web-api, all works fine. (We use jQuery $.get and $.post to communicate with the web-api.)
Though the front-end is in the future supposed to be a standalone html5 app, not located on the same domain as the web-api. This isn't working unfortunately.
The web-api does return an authentication cookie to the client, BUT the cookie isn't brought back to the web-api when the front-end sends its requests. When both web-api and front-end are on the same domain, the cookie is automatically sent with the request.
We've tried setting "Access-Control-Allow-Origin: *" and "Access-Control-Allow-Authentication: true" in the web-api webconfig file.
Cross-domain authentication is a common approach in identity management that authenticates users for sites that run on different domains. ReachFive handles this even for browsers that block third-party cookies. Cross-domain authentication is much more streamlined when using SSO.
The System.Web.Security namespace provides assorted methods for logging in and logging out users via the forms authentication system.
Forms authentication enables user and password validation for Web applications that do not require Windows authentication. With forms authentication, user information is stored in an external data source, such as a Membership database, or in the configuration file for an application.
Forms authentication is a token-based system. When users log in, they receive a token with user information that is stored in an encrypted cookie. When a user requests an ASP.NET page via the browser, ASP.NET verifies whether the forms authentication token is available.
What you need is a single-sign-on(SSO) feature.
The browser will only send cookies to the same domain; that is the reason why it was not working when the applications are located on different domains.
There is a nice article on CodeProject on implementing SSO in ASP.NET - http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic - it applies to ASP.NET MVC too.
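
The CORS settings tried in the question, as an added example that is not part of the original question or answer: it models the rule a browser applies to the response of a cross-origin request sent with credentials, next to a server-side header builder that satisfies it. The origins, `corsHeadersFor` and `checkCredentialedResponse` are constructed for illustration.

```javascript
// Added example; origins and function names are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // hypothetical front-end

// Server side: CORS headers for a request that is expected to carry the auth cookie.
function corsHeadersFor(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return {}; // unknown origin gets no CORS grant
  return {
    "Access-Control-Allow-Origin": requestOrigin, // exact origin, never "*"
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // shared caches must not reuse this response for another origin
  };
}

// Browser side: the rule applied to the response of a credentialed request
// (XMLHttpRequest with withCredentials = true, e.g. jQuery's
// $.ajax({ xhrFields: { withCredentials: true } })).
function checkCredentialedResponse(requestOrigin, headers) {
  const allowOrigin = headers["Access-Control-Allow-Origin"];
  if (allowOrigin === undefined) return "blocked: no Access-Control-Allow-Origin";
  if (allowOrigin === "*") return "blocked: wildcard origin not allowed with credentials";
  if (allowOrigin !== requestOrigin) return "blocked: origin mismatch";
  if (headers["Access-Control-Allow-Credentials"] !== "true")
    return "blocked: Access-Control-Allow-Credentials is not true";
  return "allowed";
}

const origin = "https://app.example.com";
// Headers as described in the question (constructed from its text).
// "Access-Control-Allow-Authentication" is not a CORS header, so it has no effect.
const asInQuestion = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Authentication": "true",
};
console.log(checkCredentialedResponse(origin, asInQuestion));
console.log(checkCredentialedResponse(origin, corsHeadersFor(origin)));
console.log(checkCredentialedResponse("https://other.example", corsHeadersFor("https://other.example")));
```

Passing this check only makes the response readable by the calling page. For the cookie itself to be attached to cross-site requests, current browsers also require it to be set with `SameSite=None; Secure`, and third-party cookie blocking can still withhold it.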