Forms Authentication across applications


  1. #1

    Forms Authentication across applications

    I've read the material on Forms Authentication and I've set this up for
    several websites without any problems. Basically there's 2 applications for
    each site.
    1. The "www" application for the non-secure pages - [url]http://www.domain.com[/url]
    2. The "secure" application for sensitive pages like checkout, login,
    etc. - [url]https://secure.domain.com[/url]

    All sites follow this format. The application files are on physically
    separate machines.

    Now the problem I'm having is that I'd like to use the Forms Authentication
    cookie to see whether the user has been authenticated on my "www" pages.
    However, it appears as if they haven't logged in. I had a look at the msdn
    article to set up authentication across applications
    ( [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconformsauthenticationcredentials.asp[/url] )
    but found the isolateApplications attribute doesn't exist??
    As you can see this isn't stated on the <machineKey> reference either:
    [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfmachinekeysection.asp[/url]

    Has anyone gotten forms authentication to work between 2 applications? I'd
    like to use SSL for my login page but it appears that won't work because the
    first part of the domain is different?


    Janaka Guest

  3. #2

    Re: Forms Authentication across applications

    You might have a cookie persistence issue with your cross-domain
    scenario. You have some good hints about this here:
    [url]http://www.codeproject.com/aspnet/aspnetsinglesignon.asp[/url].
    About the SSL certificate issue, you should have a cert. for
    secure.domain.com, which is where your secure pages reside.
    The "isolateApplications" is not an attribute, it's a modifier to the
    decryptionKey or validationKey attributes, and the usage is as stated in the
    machine key help.

    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="SHA1"/>

    The isolateApps option is specified to generate unique keys for each
    application on the server. Unfortunately, the sample in your first link is
    wrong.

    -- 
    Hernan de Lahitte
    Lagash Systems S.A.
    [url]http://weblogs.asp.net/hernandl[/url]

    This posting is provided "AS IS" with no warranties, and confers no rights.

    Hernan de Lahitte Guest
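
Added example, not part of the thread or of any poster's code: the machineKey setting quoted in the reply above, next to a configuration that lets the "www" and "secure" applications validate each other's forms authentication ticket. It assumes ASP.NET 2.0 or later (for the domain attribute on <forms>); the key values are placeholders and the cookie name .SHAREDAUTH is hypothetical.

```xml
<!-- BEFORE: as quoted in the reply. AutoGenerate keys are created per machine,
     and IsolateApps derives a different key for each application, so a ticket
     issued by the "secure" application fails validation in "www". -->
<system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps"
              validation="SHA1" />
</system.web>

<!-- AFTER: the same block goes into the web.config of BOTH applications. -->
<system.web>
  <!-- Placeholders: generate random hex keys once, store them as secrets,
       and deploy identical values to both machines. -->
  <machineKey validationKey="REPLACE_WITH_SHARED_HEX_VALIDATION_KEY"
              decryptionKey="REPLACE_WITH_SHARED_HEX_DECRYPTION_KEY"
              validation="SHA1" />
  <authentication mode="Forms">
    <!-- name, path and protection must match in both applications.
         domain=".domain.com" makes the browser send the cookie to both
         www.domain.com and secure.domain.com.
         requireSSL is left at its default here because requireSSL="true"
         would stop the browser sending the cookie to http://www.domain.com;
         the cost is that the ticket then travels in clear text on those
         requests and can be captured and replayed. -->
    <forms name=".SHAREDAUTH"
           domain=".domain.com"
           path="/"
           protection="All" />
  </authentication>
</system.web>
```

Anyone who obtains the shared keys can forge tickets for both applications, so keep them out of source control and rotate them if either machine is compromised.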

  4. #3

    Re: Forms Authentication across applications

    Thanks I'll give this a go and see how it turns out.

    Janaka Guest
