<div>
the same cookie session from client has to be returned so that the login persist. ASP.NET will issue a cookie called ASP.NET_SessionId. This cookie contains the user's session ID and the cookie will expire at the end of the session (when you close your browser). If the user logs in, a second cookie will be issued. This cookie is usually called .ASPXAUTH, and states that the user is logged in. This cookie sets ASP.NET apart from other web applications, because login-information is usually affiliated with the session ID. And clearing out that cookie, a new session with a new session ID will be created <br />
<br />
<a href="http://erlend.oftedal.no/blog/?blogid=41" rel="ugc">http://erlend.oftedal.no/blog/?blogid=41</a><br />
<br />
also the cookie maybe tagged as http only (no JS can read this cookie) and secure (cookie allow only via https) which the client is to adhere &nbsp;(at least the browser will comply to that hdr option set). May want to check the trait of the cookie in browser using browser plugin to troubleshoot further. Hopefully it is not a expired cookie or server clear that session cookie unintentionally...
</div>


<div>
I went ahead with the webclient that retains cookies and it's working well. &nbsp;I'm still running into one issue.<br />
<br />
So let's say the third party client is <a href="http://www.fake.com" rel="ugc">www.fake.com</a>&nbsp;and I am <a href="http://www.iamme.com" rel="ugc">www.iamme.com</a>. &nbsp; <br />
<br />
The username and password are posted from fake.com to iamme.com/Login.aspx with webclient that retains cookies. &nbsp;It works. &nbsp;The session cookies are retained in the webclient object. &nbsp;I need to then redirect them to <a href="http://www.iamme.com/Page.aspx" rel="ugc">www.iamme.com/Page.aspx</a>&nbsp;(which checks for the authenitcation before allowing access). &nbsp; I have Login.aspx Redirecting after the post but that's not working. &nbsp; I tried Response.Write with the returned string from the webclient.UploadString method. &nbsp;That is half working. &nbsp;It's not really redirecting. &nbsp;I need it to go to the <a href="http://www.iamme.com" rel="ugc">www.iamme.com</a>&nbsp;server with the webclient still maintaining the cookie. &nbsp;Or have the webclient write the cookie to the browser then redirect.<br />
<br />
using (var client = new CookieAwareWebClient())<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; client.Headers[HttpRequest<wbr />Header.Con<wbr />tentType] = &quot;application/x-www-form-ur<wbr />lencoded&quot;;<wbr /><br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; string HtmlResult = client.UploadString(URI, myParameters);<br />
<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Response.Clear();<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Response.Write(HtmlResult)<wbr />;<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }
</div>


<div>
The author posted a new question and should be another new question. Original query is suggested to maintain secure cookie for session otherwise it is consider another new session and not necessarily secure like the redirect case..it is not about how to do redirect per se in thia Qns context.<br />
<br />
The below is example code <br />
<a href="http://www.c-sharpcorner.com/UploadFile/ca9151/securing-login-page-and-maintaining-single-session-per-user/" rel="ugc">http://www.c-sharpcorner.com/UploadFile/ca9151/securing-login-page-and-maintaining-single-session-per-user/</a>
</div>


<div>
Consider<br />
ID: 40480144<br />
ID: 40480396<br />
ID: 41714936
</div>


<div>
Thanks I noticed only ID: 40480144 is accepted. Just like to check if the below are applicable as well.<br />
ID: 40480396<br />
ID: 41714936
</div>


<div>
<div class="content wysiwyg-content">
This is what I am trying to pull off. &nbsp;Before I keep wracking my brain on how to do it, I thought I'd ask the experts to see if it was even possible.<br />
<br />
I have an application with a login page to authenticate users to use the application. &nbsp;Authentication is determined by session. &nbsp;If you have a valid username and password, a session is created and subsequent pages look for a valid session.<br />
<br />
I want to have third parties be able to post a username and password over SSL connection to that login page and have them get validated (create a session). &nbsp;Right now I have it posting the data to the login page using the WebClient class and UploadString method. &nbsp;It posts fine. &nbsp;It creates the session but when the post is complete, the session is removed.<br />
<br />
What am I missing here?<br />
<br />
I've looked into a &quot;CookieAwareWebClient&quot; but wanted out third parties to have to have as little code as possible on their end and only have to post the username and password to the login page. &nbsp;<br />
<br />
Maybe this isn't the best way?
</div>
</div>


This is what I am trying to pull off.  Before I keep wracking my brain on how to do it, I thought I'd ask the experts to see if it was even possible.

I have an application with a login page to authenticate users to use the application.  Authentication is determined by session.  If you have a valid username and password, a session is created and subsequent pages look for a valid session.

I want to have third parties be able to post a username and password over SSL connection to that login page and have them get validated (create a session).  Right now I have it posting the data to the login page using the WebClient class and UploadString method.  It posts fine.  It creates the session but when the post is complete, the session is removed.

What am I missing here?

I've looked into a "CookieAwareWebClient" but wanted out third parties to have to have as little code as possible on their end and only have to post the username and password to the login page.  

Maybe this isn't the best way?

Cross Site Login

Web applications are systems that run in browsers that perform functions normally associated with other client-based programs. One of the most commonly used web applications is email; instead of downloading individual emails to a local machine, the data is shown through a website. Other examples of web applications are collaborative systems like a wiki or an online game.

Web Applications

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

Most development for the Microsoft platform is done utilizing the technologies supported by the.NET framework. Other development is done using Visual Basic for Applications (VBA) for programs like Access, Excel, Word and Outlook, with PowerShell for scripting, or with SQL for large databases.