Ask a Question related to ASP.NET Security, Design and Development.
-
Beginner #1
Form Authentication with Remote Login.aspx
I know this is an old question, but searching all over the internet plus
several MS security conferences, still haven't got a straight anwser.
Basically, the login.aspx is on one dedicated server in the domain using AD.
ASP.NET applications run on other servers (not neccessary in domain) and
trying to use authentication server. How could this be done?
- Most response says you need to set MachineKey the same, but that doesn't
seem to work
- There's one article says the login.aspx needs to set a third-party cookie
for the requester in order for them to retrieve (sounds reasonable, any
examples?) Any workaround if not so sure about browser privacy settings?
- Can I use Server.Transfer to pass the cookie/ticket/principal to the
request page? Is that safe?
Anyway, the goal is have a central .NET based form authentication for all
our intra-net web applications.
Thanks.
Beginner Guest
-
Custom Login Form for Windows Authentication?
Hello: I need to have a custom login form page for a site with Windows Authentication and internally i make the 'authentication windows process'.... -
Is there a way to determe reason for authentication in login form?
I can't find a way to tell if the login form has been run as a result of accessing a directory the user is not authorized for. I am using forms... -
Form authentication, what about normal login?
Hello, Let's assume we have setup from-based authentication in a website. And the front page of this website is a login page with some welcome... -
ASP remote authentication / surpress login dialog
Hello everybody, I need to setup a mechanism (preferred in ASP .net) to open an URL on a different user level protected virtual server (or even... -
Beginner #2 Re: Form Authentication with Remote Login.aspx
Thanks for the update, but I couldn't quite understand your anwser.
Many assumed it's the same case as webfarm and suggest change MachineKey
setting, but that alone seems not enough. In my case, application servers
may not be in the domain. I think you can not retrieve cookie set by other
servers.
I'm pretty sure someone out there has done a centralized form authentication
service, please help.
Thanks.
"Subramanian" <avs_iyer@nospam.rediffmail.com> wrote in message
news:OyJJH$1$DHA.3004@TK2MSFTNGP10.phx.gbl...the> Hi,
>
> I suppose the login.aspx page can be hosted on the other server it self as
> both of them will be in the same domain and so it becomes easier to passdoesn't> control.
>
> regards
> Manian
> "Beginner" <bzhang@hotmail.com> wrote in message
> news:egGqfFh$DHA.1796@TK2MSFTNGP12.phx.gbl...> AD.> > I know this is an old question, but searching all over the internet plus
> > several MS security conferences, still haven't got a straight anwser.
> >
> > Basically, the login.aspx is on one dedicated server in the domain using> > ASP.NET applications run on other servers (not neccessary in domain) and
> > trying to use authentication server. How could this be done?
> >
> > - Most response says you need to set MachineKey the same, but thatsettings?> cookie> > seem to work
> > - There's one article says the login.aspx needs to set a third-party> > for the requester in order for them to retrieve (sounds reasonable, any
> > examples?) Any workaround if not so sure about browser privacyall> > - Can I use Server.Transfer to pass the cookie/ticket/principal to the
> > request page? Is that safe?
> >
> > Anyway, the goal is have a central .NET based form authentication for>> > our intra-net web applications.
> >
> > Thanks.
> >
> >
>
Beginner Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
