|
Issue using ASP.NET forms authenticationwith frame redirect
I am facing an issue using ASP.NET forms authentication.
Scenario: Machine 1: http://subd1.provider1.com (1) Frame redirect to http://subd.provider2.com Machine 2: http://subd2.provider2.com (2) For both URLs, I am getting the login page. For (2), I could successfully login and the DestinationPageUrl is displayed right after. The problem is that for (1) after login the login page is displayed again instead of the DestinationPageUrl. I assume it has something to do with the frame redirect. If I first go to (2) and successfully login and later go to (1), it tells me I am already logged in and things work fine. I have already try to use session state mode 'StateServer' with no success. Any help would be greatly appreciated! Dieter |
RE: Issue using ASP.NET forms authenticationwith frame redirect
Hi Dieter,
I'm not very clear about your current configuration now, so I need to ask for some information first: 1) Are you trying to achieve Single-Sign-On between different website domain? Usually the forms authentication cookie (if cookie is enabled) can be shared by domains subd1.domain.com and subd2.domain.com, but not between subd.domain1.com and subd.domain2.com. 2) Do you mean that a page in the frameset is redirected to http://subd.provider2.com and you will be presented two login pages? Is the first login page also from domain provider2.com? 3) Are you encrypting forms authentication ticket? If this is the case, you will need to make sure the machine key used between two websites are the same, they're auto-generated by default. Please see if following pages help: #Single Sign On across multiple ASP.NET applications > Developer's Corner - Resources for Developers > Knowledge Base http://www.developer-corner.com/Reso...118/articleTyp e/ArticleView/articleId/23/Default.aspx #Hosting Multiple Web Applications http://msdn2.microsoft.com/en-us/library/aa302436.aspx Regards, Walter Wang (wawang@online.microsoft.com, remove 'online.') Microsoft Online Community Support ================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. |
RE: Issue using ASP.NET forms authenticationwith frame redirect
Hello Walter,
thanks for your reply. Concerning your questions: 1) no. The only thing I want is to use frame redirect to redirect a domain hosted at provider A to my server (that runs the website) at provide B. 2) yes/yes 3) don't matter since I have no ASP.NET web at provider A (see 1)) Let me try to explain the issue more detailly: (1) http://subdomain.domain1.com/index.html <html> <head> </head> <frameset rows="100%"> <frame src="http://subdomain.domain2.com/" frameborder="0" noresize="noresize"/> </frameset> </html> (2) http://subdomain.domain2.com/somepage.aspx In http://subdomain.domain2.com/web.config, there is forms authentication activated and somepage.aspx is secured: <location path="somepage.aspx"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> When calling (2), http://subdomain.domain2.com/somepage.aspx triggers http://subdomain.domain2.com/login.a...fsomepage.aspx. I then could enter my credentials and right after, the content of http://subdomain.domain2.com/somepage.aspx is displayed. When calling (1), I will also get the login.aspx from (2) (through the frame), but after entering my credentials, login.aspx is shown again and not - as expected - the content of http://subdomain.domain2.com/somepage.aspx (in the frame). Hope things are getting clearer now. ""Walter Wang [MSFT]"" wrote: > Hi Dieter, > > I'm not very clear about your current configuration now, so I need to ask > for some information first: > > 1) Are you trying to achieve Single-Sign-On between different website > domain? Usually the forms authentication cookie (if cookie is enabled) can > be shared by domains subd1.domain.com and subd2.domain.com, but not between > subd.domain1.com and subd.domain2.com. > 2) Do you mean that a page in the frameset is redirected to > http://subd.provider2.com and you will be presented two login pages? Is the > first login page also from domain provider2.com? > 3) Are you encrypting forms authentication ticket? If this is the case, you > will need to make sure the machine key used between two websites are the > same, they're auto-generated by default. > > Please see if following pages help: > > #Single Sign On across multiple ASP.NET applications > Developer's Corner - > Resources for Developers > Knowledge Base > http://www.developer-corner.com/Reso...118/articleTyp > e/ArticleView/articleId/23/Default.aspx > > > #Hosting Multiple Web Applications > http://msdn2.microsoft.com/en-us/library/aa302436.aspx > > > Regards, > Walter Wang (wawang@online.microsoft.com, remove 'online.') > Microsoft Online Community Support > > ================================================== > When responding to posts, please "Reply to Group" via your newsreader so > that others may learn and benefit from your issue. > ================================================== > > This posting is provided "AS IS" with no warranties, and confers no rights. > > |
RE: Issue using ASP.NET forms authenticationwith frame redirect
Hi Dieter,
Thanks for your detailed explanation. Now I have clearer picture of the issue. I believe this is because IE by default rejects cookies from a frame and ASP.NET Forms Authentication needs the cookie to be accepted at client-side to be considered as "logged in". Here's some explanation and possible workarounds: #ASP.NET Resources - Frames, ASPX Pages and Rejected Cookies http://aspnetresources.com/blog/fram...d_cookies.aspx I think the simplest workaround will be to prevent your login page from putting in a frameset by using javascript below: <script type="text/javascript"> if (top != self) top.location.href = location.href; </script> Regards, Walter Wang (wawang@online.microsoft.com, remove 'online.') Microsoft Online Community Support ================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. |
RE: Issue using ASP.NET forms authenticationwith frame redirect
Walter,
thanks a lot for your explanation. This makes sense and I now do understand why the frame redirect does not work for me with ASP.NET authentication. > I think the simplest workaround will be to prevent your login page from > putting in a frameset by using javascript below: > ... This is no option for me since the only reason I am using frame redirect is to see domain1 in the browser address bar instead of domain2. I guess the only possibility for me will be to move the domain1 to the provider that also hosts domain2. Thanks again and best regards Dieter ""Walter Wang [MSFT]"" wrote: > Hi Dieter, > > Thanks for your detailed explanation. Now I have clearer picture of the > issue. > > I believe this is because IE by default rejects cookies from a frame and > ASP.NET Forms Authentication needs the cookie to be accepted at client-side > to be considered as "logged in". > > Here's some explanation and possible workarounds: > > #ASP.NET Resources - Frames, ASPX Pages and Rejected Cookies > http://aspnetresources.com/blog/fram...d_cookies.aspx > > I think the simplest workaround will be to prevent your login page from > putting in a frameset by using javascript below: > > <script type="text/javascript"> > if (top != self) > top.location.href = location.href; > </script> > > > Regards, > Walter Wang (wawang@online.microsoft.com, remove 'online.') > Microsoft Online Community Support > > ================================================== > When responding to posts, please "Reply to Group" via your newsreader so > that others may learn and benefit from your issue. > ================================================== > > This posting is provided "AS IS" with no warranties, and confers no rights. > > |
| All times are GMT. The time now is 01:30 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.