Solved

ASP.net Single Sign On

Posted on 2010-09-20
2
326 Views
Last Modified: 2012-06-21
I have set up 2 websites on the same domain at the moment (for example,   test.mainsite.com/site1 and test.mainsite.com/site2).

I have been trying to achieve an SSO between them and think that I have it working, but I want to make sure that I am not creating any security holes.  I will highlight the changes I made to each application and ask for advice/comments:

Both web.configs have a machine key defined with the same validationKey, decryptionKey, and validation.

Both web.confgs have the same forms authentication definition.
 <authentication mode="Forms">
 <forms timeout="1440" loginUrl="~/Login.aspx" name="formscookiename1" path="/"/>
 </authentication>

On the login page of my site 1, I create the Formauth and cookie as such:

FormsAuthenticationTicket ticket = new  FormsAuthenticationTicket( loginname, true, 720 );
string strEncrypted = FormsAuthentication.Encrypt( ticket );
            HttpCookie hc = new HttpCookie( FormsAuthentication.FormsCookieName, strEncrypted );
hc.Expires = DateTime.Now.AddHours( 8);
Response.Cookies.Add( hc );


What I found is that as long as the machinekey info is the same, and the formscookie name is the same, I was able to login to site 1 and automatically be logged into site 2 when I hit that site.

Also, the logout page with this code in it;
FormsAuthentication.SignOut();                   

successfully signed out of both sites.


My question really is then, have I done this right?  Are there any mistakes made here that would open up a security hole in the 2 sites (i.e can cookies be copied etc..).

Thanks.
0
Comment
Question by:MikeCausi
2 Comments
 
LVL 41

Accepted Solution

by:
guru_sami earned 500 total points
Comment Utility
What you have done is fine and that's how it is done.
0
 

Author Closing Comment

by:MikeCausi
Comment Utility
Thanks for the confirmation.  
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now