Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > SSL Forms Login for multiple sites

Reply
Thread Tools

SSL Forms Login for multiple sites

 
 
JerryMorton233@mail.com
Guest
Posts: n/a
 
      02-19-2005
Hi,
SSL newbie would love some advice

I have a server that hosts several independant domains (using host
headers to differentiate them). Each domain runs an independant copy of
the same ASP.NET application - this app uses forms-based authentication
and a proprietary XML file on each site to authenticate users/passwords
(i.e. each site has it's own set of users).

I would like to implement SSL around the forms login page for each
site, to protect the login process only.

Since SSL is tied to a domain, is there a way I avoid having to buy an
SSL cert for EACH domain?

Thanks for any help!
Jerry

 
Reply With Quote
 
 
 
 
Geir Aamodt
Guest
Posts: n/a
 
      02-21-2005
Jerry,

the short answer: No.

As you are saying, the SSL certificate are tied to one domain and this is
done for security reasons. Otherwise, you could have certificates saying
that
"I am site Y", when the site in reality is site X.

What you could try to do (depending on your application/system) is to create
a
common login service which, after successful login, redirects the users to
the correct
domain.

This would of course require a new "logon.yourdomain.com" which would handle
this.


--

Best regards,
Geir Aamodt
geir.aamodt(AT)bekk.no

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ps.com...
> Hi,
> SSL newbie would love some advice
>
> I have a server that hosts several independant domains (using host
> headers to differentiate them). Each domain runs an independant copy of
> the same ASP.NET application - this app uses forms-based authentication
> and a proprietary XML file on each site to authenticate users/passwords
> (i.e. each site has it's own set of users).
>
> I would like to implement SSL around the forms login page for each
> site, to protect the login process only.
>
> Since SSL is tied to a domain, is there a way I avoid having to buy an
> SSL cert for EACH domain?
>
> Thanks for any help!
> Jerry
>



 
Reply With Quote
 
 
 
 
JerryMorton233@mail.com
Guest
Posts: n/a
 
      02-22-2005
Hi,
I thought this would be the case. I was thinking about the "common
login" process - has anyone done this? I just wonder how the system
will react i.e. when a cookie generated by a forms-authentication page
at "https://logon.yourdomain.com" is then passed back for use under
"http://www.myoriginaldomain.com"? I think there's a way of
manipulating the domain name in the cookie - but what about the "https"
-> "http" bit - does that still form part of the cookie validation?

I was thinking that if I buy a "shared" ("wildcard"?) SSL cert, I can
make something work? i.e. www.adomain.com uses web.config to redirect
unauthenticated users to "https://adomain.yourdomain.com/login.aspx"
which ACTUALLY maps to a page under the "adomain" application (e.g.
"http://www.adomain.com/adomainloginfolder/login.aspx"). I think I
still have the same cookie problems though? Although this would let me
use the correct "user database" for each app more easily.

Maybe some kind person out there has tried this?

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Sharing SSL and login secuirty between a .NET 1.1 and 2.0 sites? SSLpassthrough ?? wildman@noclient.net ASP .Net 0 03-04-2008 01:19 PM
Forms authentication - Multiple login forms based on directory acc Keltex ASP .Net Security 1 01-24-2006 03:06 PM
Has anyone actually managed to create a Forms Authenticated web app with login over SSL? Gareth ASP .Net Security 0 05-13-2004 08:41 AM
Has anyone actually managed to create a Forms Authenticated web app with login over SSL? Gareth ASP .Net 0 05-13-2004 08:41 AM
Authentication forms and SSL on the login page Alexio ASP .Net Security 0 11-24-2003 08:09 PM



Advertisments