Single sign on across domain

 
 
Purushottam Khandebharad
 
      05-20-2006
Hi,

I have to implement single sign on between 2 web applications: the 1st is
an asp.net 2.0 web app and the 2nd is an asp.net 1.1 web app, and the domains
of both the applications are different.

I have already configured forms authentication for both the
applications and <<< it's working if both the applications are on
"localhost" >>> but if I try to use the 2nd application on a different
machine, the forms authentication ticket cookie created by the first app is
not recognized by the 2nd application.

P.S.: please be clear that I have used
1. same forms auth cookie name for both the apps
2. path is "/" for both
3. protection is "All" for both apps
4. Machine keys are same for both apps.

Configuration and code for both apps are as follows:
---------------------------------------------------------------------------------------
Asp.net 2.0 App configuration
---------------------------------------------------------------------------------------

<system.web>
<authentication mode="Forms" >
<forms name=".AUTH"
loginUrl="Login.aspx"
protection="All"
domain=""
path="/"
timeout="20"
slidingExpiration="true"
enableCrossAppRedirects="true" />
</authentication>

<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>

<machineKey
validationKey='5C9D7A8F3E336275166075E596F19EB9B478F771C7FE45B65BF6E9B41BA9575F04672CCC4242B2245200CD0E63A8991CA6BFB2D77FE9C5B0D69889359574C5F3'
decryptionKey='AF96F355CEC57EFD2F996515BF465DD399FAF7B806B2CD55'
validation='SHA1'
decryption='3DES' />

</system.web>

---------------------------------------------------------------------------------------
code on login page login button click
---------------------------------------------------------------------------------------

FormsAuthentication.SetAuthCookie(TextBox1.Text.Trim(), false);

Response.Redirect(FormsAuthentication.GetRedirectUrl(TextBox1.Text.Trim(), false));


---------------------------------------------------------------------------------------
Configuration for asp.net 1.1 application
---------------------------------------------------------------------------------------
<system.web>
<authentication mode="Forms" >
<forms name=".AUTH"
loginUrl="Login.aspx"
protection="All"
domain=""
path="/"
timeout="20"
slidingExpiration="true"/>
</authentication>

<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>

<machineKey
validationKey='5C9D7A8F3E336275166075E596F19EB9B478F771C7FE45B65BF6E9B41BA9575F04672CCC4242B2245200CD0E63A8991CA6BFB2D77FE9C5B0D69889359574C5F3'
decryptionKey='AF96F355CEC57EFD2F996515BF465DD399FAF7B806B2CD55'
validation='SHA1'/>

</system.web>

If anybody thinks that giving domain names (like "aap1.sso.com" and
"app2.sso.com") will work, then let me clarify my efforts on that: I
tried setting the domain name for the asp.net 2.0 app in the configuration of forms
authentication, and it accepts the domain name only when I use
cookieless="UseUri", but I am not able to configure the domain name on the 2nd
app (asp.net 1.1); it still fails to authenticate when redirected to the
2nd app (it asks for login again).

My requirement is a bit urgent; it will be helpful if anybody gives me
a solution soon.

Thanks in advance

Regards,
Purushottam Khandebharad

 
Joe Kaplan (MVP - ADSI)
 
      05-20-2006
In order for the browser to replay the cookie to both apps, the cookie
domain should be part of a DNS domain that is shared by both apps. Thus, if
you have app1.yourdomain.com and app2.yourdomain.com, set the cookie domain
to yourdomain.com and the browser should replay the cookie to both apps when
visited using those DNS names.

If the apps don't share some part of a DNS name in common, you won't get
this to work. This is just how cookies work.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
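
Added example (not part of the reply above or of any poster's code): a simplified model of the RFC 6265 storage and domain-match rules a browser applies, showing why the ticket cookie is replayed on localhost and under a shared parent domain but never across unrelated domains. The host names are constructed, `otherdomain.example` is a placeholder, and public-suffix checks are left out.

```javascript
// Simplified RFC 6265 cookie scoping (assumption: no public-suffix list,
// no path/secure handling). Host names below are constructed samples.

// Section 5.1.3: does the request host fall inside the cookie domain?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (host === domain) return true;
  // IP addresses only match exactly, never as a suffix.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Storage step: an empty Domain attribute (domain="" in web.config) gives a
// host-only cookie; a non-empty one is kept only if the setting host is
// inside that domain, so an app cannot set a cookie for a foreign domain.
function storeCookie(settingHost, domainAttr) {
  if (!domainAttr) {
    return { domain: settingHost.toLowerCase(), hostOnly: true };
  }
  if (!domainMatch(settingHost, domainAttr)) return null; // rejected
  return {
    domain: domainAttr.toLowerCase().replace(/^\./, ""),
    hostOnly: false,
  };
}

// Sending step: host-only cookies need an exact host match (the port is not
// part of the comparison); domain cookies go to the domain and its subdomains.
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Would a ticket set by settingHost with this Domain reach requestHost?
function ticketReaches(settingHost, domainAttr, requestHost) {
  return isSentTo(storeCookie(settingHost, domainAttr), requestHost);
}
```

A cookie scoped to yourdomain.com is replayed to every host under that name, not only the two apps, so every site there sees the ticket and any that holds the same machine keys can decrypt it.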
 
Dominick Baier [DevelopMentor]
 
      05-20-2006
If you don't have a contiguous domain namespace - as Joe already pointed
out - cookies will not work. Cookieless is the only option here.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Purushottam Khandebharad
 
      05-22-2006
Thanks Joe Kaplan, I will try your solution.

 