Context.User across sites

Discussion in 'ASP .Net Security' started by Ben Waldron, Sep 7, 2005.

  1. Ben Waldron

    Ben Waldron Guest

    I have a website (ASP.NET 1.0) that is attaching a Principal to Context.User
    (and checking authentication in the Authenticate_Request event).

    I am planning on deploying another site (ASP.NET 2.0) and want to respect the
    authentication from the first site. Is it possible to do this? I would
    assume that I would lose the Context across site boundaries, but wanted to
    check to make sure.

    If I can't do this, what is the path of least resistance to unify
    authentication across these sites (Windows authentication is not an option)?

    Thanks in advance,
    Ben
    Ben Waldron, Sep 7, 2005
    #1

  2. Hello Ben,

    are you using FormsAuthentication??


    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    Dominick Baier [DevelopMentor], Sep 7, 2005
    #2

  3. Ben Waldron

    Ben Waldron Guest

    Dominick-

    Yes, using Forms auth.

    Thanks,
    Ben

    Ben Waldron, Sep 7, 2005
    #3
  4. Hello Ben,

    ok - i am not 100% sure if the FormsAuth cookies are compatible between 1.0
    and 2.0, but

    - you have to get that cookie across to your "other" site (easy if in the
    same domain namespace) - or in other words, the browser has to send the cookie
    to both sites
    - if both apps use the same key for cookie decryption/validation this should
    just work seamlessly.

    generate a <machineKey> element, duplicate this setting in both apps.

    here is a tool to generate the key xml element:
    http://www.develop.com/technology/resourcedetail.aspx?id=78da5ca5-5079-4f8f-99c5-b080117ceac0

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    Dominick Baier [DevelopMentor], Sep 7, 2005
    #4
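
The setup described in the reply above, as an added example that is not part of the original posts: both sites issue and accept the same Forms cookie because the cookie name, path and `<machineKey>` values are identical. The cookie name `.SHAREDAUTH`, the login page names and the key placeholders are assumptions, and the sketch assumes both sites sit on the same host so the browser sends the cookie to each; `decryption="3DES"` on the 2.0 site reflects that ASP.NET 2.0 otherwise defaults to a different cipher than 1.x.

```xml
<!-- Site 1 (ASP.NET 1.x) web.config fragment. Constructed example. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name and path must match on both sites; protection="All"
           keeps the ticket both encrypted and integrity-checked -->
      <forms name=".SHAREDAUTH" loginUrl="login.aspx" path="/"
             protection="All" timeout="30" />
    </authentication>
    <!-- Explicit keys instead of the auto-generated per-application ones.
         Placeholders only: generate the hex values with a cryptographic
         random number generator and keep them out of source control. -->
    <machineKey validationKey="REPLACE_WITH_GENERATED_HEX_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_GENERATED_HEX_DECRYPTION_KEY"
                validation="SHA1" />
  </system.web>
</configuration>

<!-- Site 2 (ASP.NET 2.0) web.config fragment. Constructed example. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".SHAREDAUTH" loginUrl="login.aspx" path="/"
             protection="All" timeout="30" />
    </authentication>
    <!-- Same two key values as Site 1. decryption="3DES" makes the 2.0
         runtime use the cipher the 1.x site uses for its tickets. -->
    <machineKey validationKey="REPLACE_WITH_GENERATED_HEX_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_GENERATED_HEX_DECRYPTION_KEY"
                validation="SHA1"
                decryption="3DES" />
  </system.web>
</configuration>
```

Anyone who obtains these key values can mint valid tickets for both sites, so they need the same protection as any other credential.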
  5. Ben Waldron

    Ben Waldron Guest

    Thanks Dominick. There doesn't seem to be an update on the cookies from 1.0
    to 2.0 so looks like it will work.

    For others, I found a link that describes what I am looking to do pretty well:
    http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

    Thanks,
    Ben

    Ben Waldron, Sep 7, 2005
    #5
  6. Hello Ben,

    btw - using ASP.NET 2.0 there is a more elegant way of getting the groups
    from a windows user than described in the article

    simply:

    string[] roles = new WindowsTokenRoleProvider().GetRolesForUser(Context.User.Identity.Name);


    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    Dominick Baier [DevelopMentor], Sep 8, 2005
    #6