«

Hello Everyone,

Here is my situation:
- build a website with a public portion and multiple secured
applications
- security information is in active directory (user ids) and a database
(roles)
- single-signon is required across all applications

My problem is i can't seem to get single-signon working across multiple
virtual directories ... If i logon i can access secured pages within the
"Logon" virtual directory, but not within other virtual directories ... from
my understanding, as long as the auth cookie's path is "/", it should be
accessible across the entire website .... anyone have any idea what i am
doing wrong? ... here is how i set things up:

VIRTUAL DIRECTORIES
- Public (contains links to the secured applications)
- Logon (if a user access a secured application without logging on, they
will be redirected here)
- Application1 (secured application)
- Application2 (secured application)

PUBLIC VIRTUAL DIRECTORY
- anonymous access in IIS
- web.config has all default setting

LOGON VIRTUAL DIRECTORY
- anonymous access in IIS
- forms authentication

WEB.CONFIG

<authentication mode="Forms">
<forms loginUrl="Default.aspx" name="ldapAuthCookie"
timeout="60" path="/"></forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>

SET AUTH COOKIE CODE (executed when the Logon button is clicked):

Dim authTicket As FormsAuthenticationTicket = New
FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(60), False, "", FormsAuthentication.FormsCookiePath)
Dim encryptedTicket As String =
FormsAuthentication.Encrypt(authTicket)
Dim authCookie As HttpCookie = New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)
Response.Redirect(FormsAuthentication.GetRedirectU rl(txtUserName.Text,
False))

APPLICATION VIRTUAL DIRECTORIES
- anonymous access in IIS
- forms authentication

WEB.CONFIG

<authentication mode="Forms">
<forms loginUrl="/Logon /Default.aspx"
name="ldapAuthCookie"></forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>


any help would be appreciated

thanks,
john paddington

You need to configure the <machineKey> element for each virtual directory
so they match:

http://msdn.microsoft.com/library/de...asp?frame=true

And FWIW, some info from the P&P that essentially says the same (but there's
a lot more info too):

http://msdn.microsoft.com/library/de...asp?frame=true

-Brock
DevelopMentor
http://staff.develop.com/ballen



> Hello Everyone,
>
> Here is my situation:
> - build a website with a public portion and multiple secured
> applications
> - security information is in active directory (user ids) and a
> database
> (roles)
> - single-signon is required across all applications
> My problem is i can't seem to get single-signon working across
> multiple virtual directories ... If i logon i can access secured pages
> within the "Logon" virtual directory, but not within other virtual
> directories ... from my understanding, as long as the auth cookie's
> path is "/", it should be accessible across the entire website ....
> anyone have any idea what i am doing wrong? ... here is how i set
> things up:
>
> VIRTUAL DIRECTORIES
> - Public (contains links to the secured applications)
> - Logon (if a user access a secured application without logging
> on, they
> will be redirected here)
> - Application1 (secured application)
> - Application2 (secured application)
> PUBLIC VIRTUAL DIRECTORY
> - anonymous access in IIS
> - web.config has all default setting
> LOGON VIRTUAL DIRECTORY
> - anonymous access in IIS
> - forms authentication
> WEB.CONFIG
>
> <authentication mode="Forms">
> <forms loginUrl="Default.aspx" name="ldapAuthCookie"
> timeout="60" path="/"></forms>
> </authentication>
> <authorization>
> <deny users="?" />
> <allow users="*" />
> </authorization>
> SET AUTH COOKIE CODE (executed when the Logon button is
> clicked):
>
> Dim authTicket As FormsAuthenticationTicket = New
> FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
> DateTime.Now.AddMinutes(60), False, "",
> FormsAuthentication.FormsCookiePath)
> Dim encryptedTicket As String =
> FormsAuthentication.Encrypt(authTicket)
> Dim authCookie As HttpCookie = New
> HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
> Response.Cookies.Add(authCookie)
>
> Response.Redirect(FormsAuthentication.GetRedirectU rl(txtUserName.Text,
> False))
> APPLICATION VIRTUAL DIRECTORIES
> - anonymous access in IIS
> - forms authentication
> WEB.CONFIG
>
> <authentication mode="Forms">
> <forms loginUrl="/Logon /Default.aspx"
> name="ldapAuthCookie"></forms>
> </authentication>
> <authorization>
> <deny users="?" />
> <allow users="*" />
> </authorization>
> any help would be appreciated
>
> thanks,
> john paddington

thanks ... worked like a charm


"Brock Allen" <> wrote in message
news: ...
> You need to configure the <machineKey> element for each virtual directory
> so they match:
>
> http://msdn.microsoft.com/library/de...asp?frame=true
>
> And FWIW, some info from the P&P that essentially says the same (but
> there's a lot more info too):
>
> http://msdn.microsoft.com/library/de...asp?frame=true
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>
>
>
>> Hello Everyone,
>>
>> Here is my situation:
>> - build a website with a public portion and multiple secured
>> applications
>> - security information is in active directory (user ids) and a
>> database
>> (roles)
>> - single-signon is required across all applications
>> My problem is i can't seem to get single-signon working across
>> multiple virtual directories ... If i logon i can access secured pages
>> within the "Logon" virtual directory, but not within other virtual
>> directories ... from my understanding, as long as the auth cookie's
>> path is "/", it should be accessible across the entire website ....
>> anyone have any idea what i am doing wrong? ... here is how i set
>> things up:
>>
>> VIRTUAL DIRECTORIES
>> - Public (contains links to the secured applications)
>> - Logon (if a user access a secured application without logging
>> on, they
>> will be redirected here)
>> - Application1 (secured application)
>> - Application2 (secured application)
>> PUBLIC VIRTUAL DIRECTORY
>> - anonymous access in IIS
>> - web.config has all default setting
>> LOGON VIRTUAL DIRECTORY
>> - anonymous access in IIS
>> - forms authentication
>> WEB.CONFIG
>>
>> <authentication mode="Forms">
>> <forms loginUrl="Default.aspx" name="ldapAuthCookie"
>> timeout="60" path="/"></forms>
>> </authentication>
>> <authorization>
>> <deny users="?" />
>> <allow users="*" />
>> </authorization>
>> SET AUTH COOKIE CODE (executed when the Logon button is
>> clicked):
>>
>> Dim authTicket As FormsAuthenticationTicket = New
>> FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
>> DateTime.Now.AddMinutes(60), False, "",
>> FormsAuthentication.FormsCookiePath)
>> Dim encryptedTicket As String =
>> FormsAuthentication.Encrypt(authTicket)
>> Dim authCookie As HttpCookie = New
>> HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
>> Response.Cookies.Add(authCookie)
>>
>> Response.Redirect(FormsAuthentication.GetRedirectU rl(txtUserName.Text,
>> False))
>> APPLICATION VIRTUAL DIRECTORIES
>> - anonymous access in IIS
>> - forms authentication
>> WEB.CONFIG
>>
>> <authentication mode="Forms">
>> <forms loginUrl="/Logon /Default.aspx"
>> name="ldapAuthCookie"></forms>
>> </authentication>
>> <authorization>
>> <deny users="?" />
>> <allow users="*" />
>> </authorization>
>> any help would be appreciated
>>
>> thanks,
>> john paddington
>
>
>