We help IT Professionals succeed at work.

ASP.net single sign on

MikeCausi
MikeCausi asked
on
714 Views
Last Modified: 2012-06-22
I am trying to have a single sign on work between different domains (i.e. www.abc.com and www.fff.com)


What I have tried to do so far is this.

On abc.com, I have a hidden iframe.  Once I log in and am forms authenticated on abc.com, I execute this line of code to "auto login" on fff.com (of course I would encrypt all data passed back and forth):


hologinframe.Attributes["src"] = "http:/www.fff.com/site1/autologin.aspx?encryptedparams=xxxxx";

The autologin.aspx page does this on pageload:

   FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, "username", DateTime.Now, DateTime.Now.AddMinutes(60), true, "");

        // Get the encrypted version of the ticket
        string strEncrypted = FormsAuthentication.Encrypt(ticket);

        // Put it into a cookie
        HttpCookie hc = new HttpCookie(FormsAuthentication.FormsCookieName, strEncrypted);
        hc.Expires = DateTime.Now.AddHours(12);

        Response.Cookies.Add(hc); // Add it to the cookies collection                                                      

        Response.Redirect(FormsAuthentication.GetRedirectUrl("username", true));

The odd thing that I am finding is that this works on IE, but does not on FF or Chrome.


The only way I could get the autologin to the fff.com site working on FF or Chrome is if I set the frame.src in the pageload of the login page of abc.com instead of the login_LoggedIn function.

Any help to get this working on in all browsers in the login_LoggedIn function?
Comment
Watch Question

Gary DavisDir Internet Svcs

Commented:
Verify your cookies are not being blocked - they may be consicered 3rd-party and depending on browser privacy settings, may be blocked. Use Firebug to view the Http net traffic and cookies sent by the browser.

Usually it is IE that is the problem but apparently not in this case.

Gary Davis

Author

Commented:
Doesn't seem to be blocking the cookies.



I did test something different, however.  Instead of trying to access the logged_in event of the asp.net login control, I tried a regular button click on the abc.com website to auto login to the fff.com site.  This time it worked.  Something about the login control events is not letting the setting of the frame src work.
This doesn't yet resolve my problem since I want to use the built in asp.net login control.
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Going to come back to this another time, but your solution seems reasonable.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.