Solved

Shared Forms authentication .NET Websites

Posted on 2013-12-05
Last Modified: 2013-12-15
We have one pre-existing web application that uses Forms authentication. We want to make a 1-page ASPX page in C# that would display the current logged-in user name or NOT LOGGED IN for the text.

This 1-page website would be on the same server but in a separate application pool and a separate site.
The web URLs would be like

acme.com
sample.acme.com - 1-page website - Default.aspx only.

I am more looking for a working example. What I have so far is this, but it is not carrying over the logged-in state.

http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
Question by:EazyWorks
LVL 21

Expert Comment

by:Dale Burrell
ID: 39700088
That only allows you to share the same login details, not the actual sessions.

i.e. All users can login and use both sites. But a session is only ever on the one site - there is no *easy* way to share sessions between the sites.

If you absolutely must run this as a separate site (which is what is adding the complexity) then off the cuff I reckon the easiest way would be to write a tiny web service on your main site which the second site can query to get a list of currently logged-in users. (Unless you store the sessions in SQL Server, in which case you can query the database directly).

Your web service would need to do something similar to this http://stackoverflow.com/questions/1470334/list-all-active-asp-net-sessions

Author Comment

by:EazyWorks
ID: 39707190
That is strange, as connecting to the same database to share the authentication would just require putting the same connection string, what is the point of these extra settings??
I was hoping someone else would also put up some information because I am not sure this is correct.

For example if I want application A and B to have the same log in(s) I would just need to authenticate with the same SQL connection string, the other info listed in the article about matching Machine keys, making sure the validation name is the same is all not needed.

I am pretty sure these settings are for what I was describing where you can save a session and move from site to site as long as you match up these settings correctly.

I get your suggestion as well, but we will not be doing it this way, but thanks.
LVL 21

Expert Comment

by:Dale Burrell
ID: 39707255
I can assure you I am correct - I've done a lot of work in this area.

Where you store the authentication details of the users who can login to your system is completely separate from where you store who is currently logged in.

You can happily share the database which stores the user details but you cannot (easily) share session state. You would have to write your own session management code.

Here are the details on how sessions are stored http://msdn.microsoft.com/en-us/library/ms178586.ASPX

By default they are stored 'InProc', i.e. in process memory. You can store them in SQL Server, which in theory would mean you could roll your own session management, and then share them between sites. But out of the box you can't do that.

I hope that makes sense, that the list of allowed users is stored and managed completely separately from the list of sessions.

If you do a google search you will find the same answer https://www.google.co.nz/search?q=share+session+state+between+2+sites&oq=share+session+state+between+2+sites&aqs=chrome..69i57.6583j0j7&sourceid=chrome&espv=210&es_sm=93&ie=UTF-8

Of interest might be http://stackoverflow.com/questions/616046/passing-session-data-between-asp-net-applications which seems to imply you can solve the problem by having an external third party manage your sessions. Mozilla Persona does this also.

Good luck.

Author Comment

by:EazyWorks
ID: 39707311
I got it to work, thanks for your input.

Accepted Solution

by:
EazyWorks earned 0 total points
ID: 39709060
I ended up following this article and I think what I was missing was the domain in the settings of the web.config.

http://msdn.microsoft.com/en-us/library/eb0zx8fc(v=vs.100).aspx

I also want to emphasize this quote in this article.
 
"When forms authentication is enabled across multiple ASP.NET applications, users are not required to re-authenticate when switching between the applications."

I also ran across another article mentioning that if you try to do this from .NET 2.0 to .NET 4.0 you need to add this tag in the machineKey section:
decryption="3DES"

I have this working with two .NET applications, both .NET 4.0, in different folders and separate application pools. In my running system I can go from one system to the other without having to log in, and it carries over the same logged-in user and access rights into the new application.

Based on my research this is also key to web farms that have several servers supporting the same system; it would not be effective if you had to keep signing in.
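
The settings the accepted answer describes, as an added example that is not part of the original post or of the MSDN article: a web.config fragment for both sites. `acme.com` is the domain from the question; the key values, the `.ACMEAUTH` cookie name, the `login.aspx` path and the HTTPS requirement are assumptions.

```xml
<!-- Added example: use the same <machineKey> and <forms> values in the
     web.config of BOTH acme.com and sample.acme.com. -->
<configuration>
  <system.web>
    <!-- Explicit, identical keys in both applications. The default
         AutoGenerate/IsolateApps keys differ per application, so a ticket
         issued by one site fails validation on the other.
         The values below are placeholders: generate your own and treat
         them as secrets, since anyone holding them can mint valid tickets. -->
    <machineKey
        validationKey="REPLACE_WITH_SHARED_VALIDATION_KEY_HEX"
        decryptionKey="REPLACE_WITH_SHARED_DECRYPTION_KEY_HEX"
        validation="HMACSHA256"
        decryption="AES" />

    <authentication mode="Forms">
      <!-- name, path and protection must match in both applications.
           domain="acme.com" scopes the cookie to the parent domain, so the
           browser also sends it to sample.acme.com (and to every other
           host under acme.com).
           loginUrl is an assumed path on the main site;
           enableCrossAppRedirects lets the second site redirect there.
           requireSSL assumes both sites are served over HTTPS. -->
      <forms name=".ACMEAUTH"
             loginUrl="https://acme.com/login.aspx"
             domain="acme.com"
             path="/"
             protection="All"
             requireSSL="true"
             timeout="30"
             enableCrossAppRedirects="true" />
    </authentication>

    <!-- On sample.acme.com only: allow anonymous requests so the page can
         render NOT LOGGED IN instead of redirecting to the login page. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>
```

With matching values in place, `User.Identity.IsAuthenticated` and `User.Identity.Name` on the second site reflect the ticket issued by the first. Session variables remain separate per application.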
LVL 21

Expert Comment

by:Dale Burrell
ID: 39709597
That's very interesting. I suspect if you were to store anything in a session variable you would lose that.

I also wonder how it manages to share the authentication cookie across multiple domains - normally a cookie is associated with a single domain only.

Well done anyway.

Author Closing Comment

by:EazyWorks
ID: 39719738
It worked