Single signon (with FormsAuth) for mutliple web apps

[Brad]

I'm working on single signon for multiple web apps on a single domain. If I
authenticate in wepApp1 then I am authenticated in webApp2 however, anywhere
in the global.asax code of webApp2 the following don't seem to be
set/initialized:
Request.IsAuthenticated
User.Identity
The authentication cookie is available in webApp2's global.asax and once
a form is loaded (i.e. I'm on a pageload event) the values of
Request.IsAuthenticated and User.Identity are available.

So why would the values of user identity and IsAuthenticated not be
avaialble in the global.asax of webApp2?


Thanks


Brad

[Chris Jackson]

In terms of your code, both of your assemblies (one for each we application)
are completely separate. One assembly doesn't get to read from the other,
even though they are in the same App Domain. The ability to read the cookie
by both essentially serves as the cross-assembly communication mechanism
(visualize it as serving a similar function to named pipes); others are
available, but this is probably the easiest.

One solution I have implemented is to create a custom logon page that looks
for a cookie that indicates authentication. If I find a valid cookie, then I
go ahead and set up that user as authenticated and return to the page that
requested the authentication. If I don't, then I display the page as normal
and have them enter their user/pass.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
"Brad" <nospam@co.lane.or.us> wrote in message
news:%23SiEhvtgDHA.3828@tk2msftngp13.phx.gbl...

> I'm working on single signon for multiple web apps on a single domain. If

I

> authenticate in wepApp1 then I am authenticated in webApp2 however,

anywhere

> in the global.asax code of webApp2 the following don't seem to be
> set/initialized:
> Request.IsAuthenticated
> User.Identity
> The authentication cookie is available in webApp2's global.asax and

once

> a form is loaded (i.e. I'm on a pageload event) the values of
> Request.IsAuthenticated and User.Identity are available.
>
> So why would the values of user identity and IsAuthenticated not be
> avaialble in the global.asax of webApp2?
>
>
> Thanks
>
>
> Brad
>
>
>

[Brad]

I found the problem....basicaly a brain lapse on my part after being away
from hands-on coding for a few months.
I can access the authentication info just fine but I need to do it in
Application_AuthenticateRequest. Once I did that then everything works as I
expected: Identity is avaialble and IsAuthenticated is true is the user is
logged in.
Brad


"Chris Jackson" <chrisj@mvps.org> wrote in message
news:uHqrDQ3gDHA.2172@TK2MSFTNGP09.phx.gbl...

> In terms of your code, both of your assemblies (one for each we

application)

> are completely separate. One assembly doesn't get to read from the other,
> even though they are in the same App Domain. The ability to read the

cookie

> by both essentially serves as the cross-assembly communication mechanism
> (visualize it as serving a similar function to named pipes); others are
> available, but this is probably the easiest.
>
> One solution I have implemented is to create a custom logon page that

looks

> for a cookie that indicates authentication. If I find a valid cookie, then

I

> go ahead and set up that user as authenticated and return to the page that
> requested the authentication. If I don't, then I display the page as

normal

> and have them enter their user/pass.
>
> --
> Chris Jackson
> Software Engineer
> Microsoft MVP - Windows XP
> Windows XP Associate Expert
> --
> "Brad" <nospam@co.lane.or.us> wrote in message
> news:%23SiEhvtgDHA.3828@tk2msftngp13.phx.gbl...

> > I'm working on single signon for multiple web apps on a single domain.

If

> I

> > authenticate in wepApp1 then I am authenticated in webApp2 however,

> anywhere

> > in the global.asax code of webApp2 the following don't seem to be
> > set/initialized:
> > Request.IsAuthenticated
> > User.Identity
> > The authentication cookie is available in webApp2's global.asax and

> once

> > a form is loaded (i.e. I'm on a pageload event) the values of
> > Request.IsAuthenticated and User.Identity are available.
> >
> > So why would the values of user identity and IsAuthenticated not be
> > avaialble in the global.asax of webApp2?
> >
> >
> > Thanks
> >
> >
> > Brad
> >
> >
> >

>
>

[Jacob Yang [MSFT]]

Hi Brad,

I am glad to know that the problem is resolved.

Thank you very much for sharing your solution. It is helpful to everybody
here.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C [url]www.microsoft.com/security[/url]
This posting is provided "as is" with no warranties and confers no rights.