Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Single Sign On Not Working

Reply
Thread Tools

Single Sign On Not Working

 
 
andrew@wingspan.info
Guest
Posts: n/a
 
      02-06-2008
Hi

I am working on an app for a charity, www.encephalitis.info. They need
an online shop and forums. To that effect, I have set up the following
subdomains (starter kit used in brackets):

www.encephalitis.info
forums.encephalitis.info (yetanotherforum.net starter kit)
shop.encephalitis.info (dashCommerce.org starter kit)

For testing purposes, I am using the default asp.net membership and
role providers, but for the profile providers, I am using
dashCommerce's and yetanotherforum's profile providers.

I each web.config, I have set the machineKey to be the same, and have
given each web app the exact same authentication, membership and role
sections, as follows:


<machineKey validationKey='...??...' decryptionKey='...!!...'
validation='SHA1'/>
<authentication mode="Forms">
<forms name=".theApp_Authentication" loginUrl="http://
www.encephalitis.info/login.aspx" protection="All" timeout="30"
path="/"/>
</authentication>
<roleManager enabled="true">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" connectionStringName="myConn"
applicationName="theApp" type="System.Web.Security.SqlRoleProvider"/>
</providers>
</roleManager>
<membership defaultProvider="AspNetSqlMembershipProvider"
userIsOnlineTimeWindow="15" hashAlgorithmType="">
<providers>
<clear/>
<add connectionStringName="myConn" applicationName="theApp"
enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="true" requiresUniqueEmail="false"
passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""
minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0"
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</membership>


The result is that single sign on does not work. Can anyone tell me
what I am doing wrong??

I thought that by setting the machineKey that each app would read the
cookies created by the other ones, and therefore perform the login.

One point, that may be relevant:

Although the <forms loginUrl="..."> is set to the same url
(www.encephalitis.info/login.aspx), yetanotherforum.net and
dashCommerce pretty much hard code their own login pages. The only
problem with this would be if one subdomain cannot read a cookie
created by another subdomain, as opposed to the main www.encepahlitis.info.

I must be missing/misunderstanding something. But what...?!

Andrew
 
Reply With Quote
 
 
 
 
naphong xxx
Guest
Posts: n/a
 
      04-28-2011
It can solve your problem,
http://forum.yetanotherforum.net/yaf...aspx#post49557

> On Saturday, February 09, 2008 2:24 AM andre wrote:


> Hi
>
> I am working on an app for a charity, www.encephalitis.info. They need
> an online shop and forums. To that effect, I have set up the following
> subdomains (starter kit used in brackets):
>
> www.encephalitis.info
> forums.encephalitis.info (yetanotherforum.net starter kit)
> shop.encephalitis.info (dashCommerce.org starter kit)
>
> For testing purposes, I am using the default asp.net membership and
> role providers, but for the profile providers, I am using
> dashCommerce's and yetanotherforum's profile providers.
>
> I each web.config, I have set the machineKey to be the same, and have
> given each web app the exact same authentication, membership and role
> sections, as follows:
>
>
> <machineKey validationKey='...??...' decryptionKey='...!!...'
> validation='SHA1'/>
> <authentication mode="Forms">
> <forms name=".theApp_Authentication" loginUrl="http://
> www.encephalitis.info/login.aspx" protection="All" timeout="30"
> path="/"/>
> </authentication>
> <roleManager enabled="true">
> <providers>
> <clear/>
> <add name="AspNetSqlRoleProvider" connectionStringName="myConn"
> applicationName="theApp" type="System.Web.Security.SqlRoleProvider"/>
> </providers>
> </roleManager>
> <membership defaultProvider="AspNetSqlMembershipProvider"
> userIsOnlineTimeWindow="15" hashAlgorithmType="">
> <providers>
> <clear/>
> <add connectionStringName="myConn" applicationName="theApp"
> enablePasswordRetrieval="false" enablePasswordReset="true"
> requiresQuestionAndAnswer="true" requiresUniqueEmail="false"
> passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
> passwordAttemptWindow="10" passwordStrengthRegularExpression=""
> minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0"
> name="AspNetSqlMembershipProvider"
> type="System.Web.Security.SqlMembershipProvider, System.Web,
> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
> </providers>
> </membership>
>
>
> The result is that single sign on does not work. Can anyone tell me
> what I am doing wrong??
>
> I thought that by setting the machineKey that each app would read the
> cookies created by the other ones, and therefore perform the login.
>
> One point, that may be relevant:
>
> Although the <forms loginUrl="..."> is set to the same url
> (www.encephalitis.info/login.aspx), yetanotherforum.net and
> dashCommerce pretty much hard code their own login pages. The only
> problem with this would be if one subdomain cannot read a cookie
> created by another subdomain, as opposed to the main www.encepahlitis.info.
>
> I must be missing/misunderstanding something. But what...?!
>
> Andrew




 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
single sign on - why not trust AD? jc ASP .Net 1 03-02-2008 03:59 AM
$ sign to gb pound sign PWB Computer Support 6 02-19-2007 03:06 AM
Automatic sign-up and sign-in across different domains without cookies? Jimmy ASP .Net 1 11-21-2006 04:41 PM
Automatic sign-up and sign-in between different domains without cookies? Jimmy Javascript 3 11-20-2006 01:28 PM
J sign instead of ? sign Harold Potter esq. Computer Support 5 04-16-2005 02:19 PM



Advertisments