Ask a Question related to ASP.NET Security, Design and Development.
-
Martin #1
Problems with form authentication
I'm experiencing some problems with role-based forms authentication accross
domain.
I wanted to create an unique login page for multiple web server running
different applications.
My first server is [url]www.mydomain.com[/url]
The second one is www1.mydomain.com
The third one is www2.mydomain.com
I made a login.aspx page on [url]www.mydomain.com[/url] and set all web.config so that
the user is redirected to this unique page. All the machineKey have been set
to the same value on each server.
The authentication cookie domain is ".mydomain.com" and everything is
working fine. When I log in on the first server, I can navigate through each
servers.
My problem is that when I want to log off, I need to delete the
authentication cookie. The cookie is not persistent and is set to expire
after 20 minutes but i want to enforce the deletion. I tried to use the
FormsAuthentication.SignOut() Method but it would not delete a cookie
generated across the full domain (this method work fine if I set my cookie
domain to [url]www.mydomain.com[/url] but then i can't share it accross my
applications). I tried to remove the cookie from the request or from the
response using Request.Cookies or Response.Cookies collections but nothing
happens.
The only solution I found was to create a new authentication cookie which
domain is ".mydomain.com" and in which I store an non-existent user with an
incorrect role and to send it to the client. The previous cookie seems to be
overwrited and as the information stored in my authentication cookie are
irrelevant, the user is sent back to the login page. I was wondering if
there was any more satisfaying solution.
Thanx for any help.
Martin.
Martin Guest
-
Form Authentication Ticket
I've read some books and online articles on how to implement form authentication. Some taught me just to do... -
Form Authentication with SSL
If I use form authentication with SSL with my web application, when I access my login page, I will go to https://www.mydomainname.com/login.aspx.... -
Form Authentication
Hello everyone, I have found a problem with form authentication method that I can't solve. The problem is: I want to use a form authentication... -
authenticate win32 form client with form based authentication web services
(Type your message here) -------------------------------- From: kitchai yong Hi, Can you tell me how i authenticate the win32 form client... -
Form Field/ Form Submit Problems (probably an easy answer...)
Hey Everyone.. I have a form that has approximately 7 text fields and 1 checkbox. Generally when this form is submitted(to itself BTW) it works... -
Fredrik Normén NSQUARED #2 Problems with form authentication
Try to change your authentication cookie domain
from ".mydomain.com" to "mydomain.com" or only "mydomain"
/Fredrik Normén NSQUARED2
authentication accross>-----Original Message-----
>I'm experiencing some problems with role-based formsserver running>domain.
>I wanted to create an unique login page for multiple webweb.config so that>different applications.
>My first server is [url]www.mydomain.com[/url]
>The second one is www1.mydomain.com
>The third one is www2.mydomain.com
>I made a login.aspx page on [url]www.mydomain.com[/url] and set allmachineKey have been set>the user is redirected to this unique page. All theeverything is>to the same value on each server.
>The authentication cookie domain is ".mydomain.com" andnavigate through each>working fine. When I log in on the first server, I candelete the>servers.
>My problem is that when I want to log off, I need tois set to expire>authentication cookie. The cookie is not persistent andtried to use the>after 20 minutes but i want to enforce the deletion. Idelete a cookie>FormsAuthentication.SignOut() Method but it would notif I set my cookie>generated across the full domain (this method work fineaccross my>domain to [url]www.mydomain.com[/url] but then i can't share itrequest or from the>applications). I tried to remove the cookie from thecollections but nothing>response using Request.Cookies or Response.Cookiesauthentication cookie which>happens.
>
>The only solution I found was to create a newexistent user with an>domain is ".mydomain.com" and in which I store an non-previous cookie seems to be>incorrect role and to send it to the client. Theauthentication cookie are>overwrited and as the information stored in mywas wondering if>irrelevant, the user is sent back to the login page. I>there was any more satisfaying solution.
>
>Thanx for any help.
>
>Martin.
>
>
>.
>Fredrik Normén NSQUARED Guest
-
Martin #3 Re: Problems with form authentication
It doesn't change anything. Any other idea ?
"Fredrik Normén NSQUARED" <fnormen@hotmail.com> a écrit dans le message de
news:15a501c38277$59335000$a101280a@phx.gbl...
Try to change your authentication cookie domain
from ".mydomain.com" to "mydomain.com" or only "mydomain"
/Fredrik Normén NSQUARED2
authentication accross>-----Original Message-----
>I'm experiencing some problems with role-based formsserver running>domain.
>I wanted to create an unique login page for multiple webweb.config so that>different applications.
>My first server is [url]www.mydomain.com[/url]
>The second one is www1.mydomain.com
>The third one is www2.mydomain.com
>I made a login.aspx page on [url]www.mydomain.com[/url] and set allmachineKey have been set>the user is redirected to this unique page. All theeverything is>to the same value on each server.
>The authentication cookie domain is ".mydomain.com" andnavigate through each>working fine. When I log in on the first server, I candelete the>servers.
>My problem is that when I want to log off, I need tois set to expire>authentication cookie. The cookie is not persistent andtried to use the>after 20 minutes but i want to enforce the deletion. Idelete a cookie>FormsAuthentication.SignOut() Method but it would notif I set my cookie>generated across the full domain (this method work fineaccross my>domain to [url]www.mydomain.com[/url] but then i can't share itrequest or from the>applications). I tried to remove the cookie from thecollections but nothing>response using Request.Cookies or Response.Cookiesauthentication cookie which>happens.
>
>The only solution I found was to create a newexistent user with an>domain is ".mydomain.com" and in which I store an non-previous cookie seems to be>incorrect role and to send it to the client. Theauthentication cookie are>overwrited and as the information stored in mywas wondering if>irrelevant, the user is sent back to the login page. I>there was any more satisfaying solution.
>
>Thanx for any help.
>
>Martin.
>
>
>.
>
Martin Guest
-
ARF F #4 Re: Problems with form authentication
I have exactly the same problem.
I created a “single sign on” for multiple asp.net web applications
running under subdomains by writing the authentication cookie using the
parent domain name. However I can no longer log off within the
subdomains using FormsAuthentication.SignOut call.
I am guessing the signout might be defaulting to the subdomain in the
current url and cannot find the authentication ticket that used the
parent domain. Is there a method to set the parent domain name into the
FormsAuthentication.SignOut process?
Were you able to resolve this problem?
*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!
ARF F Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
