Problems with form authentication

 
 
Martin
09-23-2003
I'm experiencing some problems with role-based forms authentication across
domains.
I wanted to create a unique login page for multiple web servers running
different applications.
My first server is www.mydomain.com
The second one is www1.mydomain.com
The third one is www2.mydomain.com
I made a login.aspx page on www.mydomain.com and set all web.config so that
the user is redirected to this unique page. All the machineKeys have been set
to the same value on each server.
The authentication cookie domain is ".mydomain.com" and everything is
working fine. When I log in on the first server, I can navigate through each
server.
My problem is that when I want to log off, I need to delete the
authentication cookie. The cookie is not persistent and is set to expire
after 20 minutes but I want to enforce the deletion. I tried to use the
FormsAuthentication.SignOut() method but it would not delete a cookie
generated across the full domain (this method works fine if I set my cookie
domain to www.mydomain.com but then I can't share it across my
applications). I tried to remove the cookie from the request or from the
response using Request.Cookies or Response.Cookies collections but nothing
happens.

The only solution I found was to create a new authentication cookie whose
domain is ".mydomain.com" and in which I store a non-existent user with an
incorrect role and to send it to the client. The previous cookie seems to be
overwritten and as the information stored in my authentication cookie is
irrelevant, the user is sent back to the login page. I was wondering if
there was any more satisfying solution.

Thanks for any help.

Martin.


 
 
 
 
 
Fredrik Normén NSQUARED
09-24-2003
Try to change your authentication cookie domain
from ".mydomain.com" to "mydomain.com" or only "mydomain"

/Fredrik Normén NSQUARED2


 
 
 
 
Martin
09-25-2003
It doesn't change anything. Any other idea?
 
ARF F
12-10-2003


I have exactly the same problem.

I created a “single sign on” for multiple asp.net web applications
running under subdomains by writing the authentication cookie using the
parent domain name. However I can no longer log off within the
subdomains using FormsAuthentication.SignOut call.

I am guessing the signout might be defaulting to the subdomain in the
current url and cannot find the authentication ticket that used the
parent domain. Is there a method to set the parent domain name into the
FormsAuthentication.SignOut process?

Were you able to resolve this problem?


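An added example, not code from any poster in this thread: if, as guessed above, SignOut() expires the cookie without the parent domain, the expiry never matches the shared ticket cookie, and one way to remove it is to send an expired cookie that repeats the name, domain and path used at login. The class and method names are hypothetical, the domain ".mydomain.com" and the login URL are taken from the first post, and AutoEventWireup="true" is assumed for the page.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper; class and member names are illustrative.
public sealed class SharedDomainSignOut
{
    // Assumption: must equal the Domain set when the ticket cookie was issued.
    private const string CookieDomain = ".mydomain.com";

    private SharedDomainSignOut() { }

    public static void ExpireTicketCookie(HttpResponse response)
    {
        // Browsers key a cookie on name + domain + path. An expiry cookie that
        // differs in any of the three does not match the original and leaves
        // the ticket in place.
        HttpCookie expired =
            new HttpCookie(FormsAuthentication.FormsCookieName, String.Empty);
        expired.Domain = CookieDomain;
        expired.Path = FormsAuthentication.FormsCookiePath;
        expired.Expires = DateTime.Now.AddYears(-1); // past date: browser discards it
        response.Cookies.Add(expired);
    }
}

// Code-behind of a logout page on any of the three servers.
public class Logout : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        SharedDomainSignOut.ExpireTicketCookie(Response);
        // Login page location as described in the first post.
        Response.Redirect("http://www.mydomain.com/login.aspx");
    }
}
```

Expiring the cookie only removes it from the browser: the encrypted ticket itself is not revoked on the server, so a copy captured before logout is still accepted until the ticket's own expiry (20 minutes in the first post).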
 