Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Forms authentication across multiple applications and framework versions

Reply
Thread Tools

Forms authentication across multiple applications and framework versions

 
 
JC
Guest
Posts: n/a
 
      11-05-2003
I have several applications that use forms authentication and they are
currently setup to use a single login page. Everything works fine under v1.0
of the framework and everything works fine if I have all applications
running under v1.1.

However, I need the login page and a few apps to be running under using v1.0
with other applications running under v1.1. Now my authentication cookie is
no longer being accepted anywhere other than by the v1.0 applications. The
path, name, and protection attributes for <forms> are identical in all
application. I've tried using an explicit <machinekey> and removing the
"isolateapps" attribute in the v1.1 machine.configs. Am I missing anything
else? I just consently get redirected back to the login page. Any help
would be appreciated thanks.

Here is what my web.config looks like in all applications.
<authentication mode="Forms">
<forms loginUrl="/Login/login.aspx"
name="appname"
protection="All"
path="/">
</forms>
</authentication>

I've tried using both:
<machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate"
validation="SHA1"/>

and explicitly defining the key in all apps.

<machineKey
validationKey='470D7418106FE78774FB509A10A94BB9839 567B38C0A91CBFE0241C3647F0
1E8B12FBA2EC0AB5C0B947260D12AD85B34085C91659A5802A F006D027B1F0A117D'
decryptionKey='3A6FF62768FAEA2213FB64703827ED533B6 CAB6AED3A1550'
validation='SHA1'/>


 
Reply With Quote
 
 
 
 
psb
Guest
Posts: n/a
 
      11-05-2003
I have experienced same thing... I believe it is a security hole in 1.0 that
microsoft closed. we do almost the same thing you are talking about. my
co-worker and i debugged for days until he said, I did install this new
application... well, the new application installed .netF1.1 and when we
uninstalled it he was working again. I have yet to upgrade all of our apps
to 1.1 until I figure out a solution. I swear I read it somewhere either on
msdn or gotdotnet.com about this security tightening in forms authentication
between projects/virtual directories... -p

"JC" <(E-Mail Removed)> wrote in message
news:OFuTl%23%(E-Mail Removed)...
> I have several applications that use forms authentication and they are
> currently setup to use a single login page. Everything works fine under

v1.0
> of the framework and everything works fine if I have all applications
> running under v1.1.
>
> However, I need the login page and a few apps to be running under using

v1.0
> with other applications running under v1.1. Now my authentication cookie

is
> no longer being accepted anywhere other than by the v1.0 applications. The
> path, name, and protection attributes for <forms> are identical in all
> application. I've tried using an explicit <machinekey> and removing the
> "isolateapps" attribute in the v1.1 machine.configs. Am I missing anything
> else? I just consently get redirected back to the login page. Any help
> would be appreciated thanks.
>
> Here is what my web.config looks like in all applications.
> <authentication mode="Forms">
> <forms loginUrl="/Login/login.aspx"
> name="appname"
> protection="All"
> path="/">
> </forms>
> </authentication>
>
> I've tried using both:
> <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate"
> validation="SHA1"/>
>
> and explicitly defining the key in all apps.
>
> <machineKey
>

validationKey='470D7418106FE78774FB509A10A94BB9839 567B38C0A91CBFE0241C3647F0
> 1E8B12FBA2EC0AB5C0B947260D12AD85B34085C91659A5802A F006D027B1F0A117D'
> decryptionKey='3A6FF62768FAEA2213FB64703827ED533B6 CAB6AED3A1550'
> validation='SHA1'/>
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Multiple applications/multiple web.configs: how to structure a big collection of (seemingly) nested web applications? ASP .Net 3 06-14-2007 09:25 AM
Forms Authentication Across Applications =?Utf-8?B?RmFyaWJh?= ASP .Net 4 05-16-2007 10:34 PM
forms authentication across multiple web servers Roel ASP .Net Security 5 11-25-2005 09:25 AM
Forms Authentication across applications Janaka ASP .Net Security 2 05-10-2004 12:39 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM



Advertisments