Forms Authentication Across Applications

Discussion in 'ASP .Net' started by =?Utf-8?B?RmFyaWJh?=, May 16, 2007.

  1. It know that we can use the following method
    http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx

    to form authenticate across multiple applications.

    I have created an asp.net application that supports form authentication. My
    application is going to be called by another legacy application (HTML) which
    does the initial authentication.Something like this:

    <form name="form1" action="auth.asp" method="post" >
    ......
    </form>

    How can I implement "Forms Authentication Across Applications" in this
    case? I assume sending authentication information via query string is my
    only option, right?

    Thanks a lot

    Fariba
    ASP.NET ISharp - Cairo
    =?Utf-8?B?RmFyaWJh?=, May 16, 2007
    #1
    1. Advertising

  2. Forms authentication works with, and requires cookies. So unless you want to
    manually (in your code) create and assign a vaild Forms Auth ticket in
    response to the querystring "deal", that would be the only way that I can
    think of.
    Peter
    --
    Site: http://www.eggheadcafe.com
    UnBlog: http://petesbloggerama.blogspot.com
    Short urls & more: http://ittyurl.net




    "Fariba" wrote:

    > It know that we can use the following method
    > http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx
    >
    > to form authenticate across multiple applications.
    >
    > I have created an asp.net application that supports form authentication. My
    > application is going to be called by another legacy application (HTML) which
    > does the initial authentication.Something like this:
    >
    > <form name="form1" action="auth.asp" method="post" >
    > .....
    > </form>
    >
    > How can I implement "Forms Authentication Across Applications" in this
    > case? I assume sending authentication information via query string is my
    > only option, right?
    >
    > Thanks a lot
    >
    > Fariba
    > ASP.NET ISharp - Cairo
    >
    >
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=, May 16, 2007
    #2
    1. Advertising

  3. The application which is calling my application is an HTML application with
    the form tag I mentioned before. Will it be able to issue a ticket or cooki?

    Thanks

    "Peter Bromberg [C# MVP]" wrote:

    > Forms authentication works with, and requires cookies. So unless you want to
    > manually (in your code) create and assign a vaild Forms Auth ticket in
    > response to the querystring "deal", that would be the only way that I can
    > think of.
    > Peter
    > --
    > Site: http://www.eggheadcafe.com
    > UnBlog: http://petesbloggerama.blogspot.com
    > Short urls & more: http://ittyurl.net
    >
    >
    >
    >
    > "Fariba" wrote:
    >
    > > It know that we can use the following method
    > > http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx
    > >
    > > to form authenticate across multiple applications.
    > >
    > > I have created an asp.net application that supports form authentication. My
    > > application is going to be called by another legacy application (HTML) which
    > > does the initial authentication.Something like this:
    > >
    > > <form name="form1" action="auth.asp" method="post" >
    > > .....
    > > </form>
    > >
    > > How can I implement "Forms Authentication Across Applications" in this
    > > case? I assume sending authentication information via query string is my
    > > only option, right?
    > >
    > > Thanks a lot
    > >
    > > Fariba
    > > ASP.NET ISharp - Cairo
    > >
    > >
    =?Utf-8?B?RmFyaWJh?=, May 16, 2007
    #3
  4. The Forms auth ticket cookie is issued by ASP.NET on the server in response
    to a login form post with the username and password.
    Peter

    --
    Site: http://www.eggheadcafe.com
    UnBlog: http://petesbloggerama.blogspot.com
    Short urls & more: http://ittyurl.net




    "Fariba" wrote:

    > The application which is calling my application is an HTML application with
    > the form tag I mentioned before. Will it be able to issue a ticket or cooki?
    >
    > Thanks
    >
    > "Peter Bromberg [C# MVP]" wrote:
    >
    > > Forms authentication works with, and requires cookies. So unless you want to
    > > manually (in your code) create and assign a vaild Forms Auth ticket in
    > > response to the querystring "deal", that would be the only way that I can
    > > think of.
    > > Peter
    > > --
    > > Site: http://www.eggheadcafe.com
    > > UnBlog: http://petesbloggerama.blogspot.com
    > > Short urls & more: http://ittyurl.net
    > >
    > >
    > >
    > >
    > > "Fariba" wrote:
    > >
    > > > It know that we can use the following method
    > > > http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx
    > > >
    > > > to form authenticate across multiple applications.
    > > >
    > > > I have created an asp.net application that supports form authentication. My
    > > > application is going to be called by another legacy application (HTML) which
    > > > does the initial authentication.Something like this:
    > > >
    > > > <form name="form1" action="auth.asp" method="post" >
    > > > .....
    > > > </form>
    > > >
    > > > How can I implement "Forms Authentication Across Applications" in this
    > > > case? I assume sending authentication information via query string is my
    > > > only option, right?
    > > >
    > > > Thanks a lot
    > > >
    > > > Fariba
    > > > ASP.NET ISharp - Cairo
    > > >
    > > >
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=, May 16, 2007
    #4
  5. Thanks peter for your reponse.

    if the cookie is not issued in the parent application (the one with the
    <form> tag which calls "auth.asp") let's say they use another way of keeping
    the security context , then I am stuck? :)

    BTW, I though that :

    1) There is something called cookieless form authentication which does not
    require cookie

    2) Cookie and ticket are two differnet things but related. From what I have
    interpreted from "The Forms auth ticket cookie is issued by ASP.NET ..." they
    are the same thing? Can my html application which calls that asp page issues
    a ticket and I get that ticket in my asp.net page and reuse it as part of the
    forms authentication scenario?


    Thanks a lot for your time

    "Peter Bromberg [C# MVP]" wrote:

    > The Forms auth ticket cookie is issued by ASP.NET on the server in response
    > to a login form post with the username and password.
    > Peter
    >
    > --
    > Site: http://www.eggheadcafe.com
    > UnBlog: http://petesbloggerama.blogspot.com
    > Short urls & more: http://ittyurl.net
    >
    >
    >
    >
    > "Fariba" wrote:
    >
    > > The application which is calling my application is an HTML application with
    > > the form tag I mentioned before. Will it be able to issue a ticket or cooki?
    > >
    > > Thanks
    > >
    > > "Peter Bromberg [C# MVP]" wrote:
    > >
    > > > Forms authentication works with, and requires cookies. So unless you want to
    > > > manually (in your code) create and assign a vaild Forms Auth ticket in
    > > > response to the querystring "deal", that would be the only way that I can
    > > > think of.
    > > > Peter
    > > > --
    > > > Site: http://www.eggheadcafe.com
    > > > UnBlog: http://petesbloggerama.blogspot.com
    > > > Short urls & more: http://ittyurl.net
    > > >
    > > >
    > > >
    > > >
    > > > "Fariba" wrote:
    > > >
    > > > > It know that we can use the following method
    > > > > http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx
    > > > >
    > > > > to form authenticate across multiple applications.
    > > > >
    > > > > I have created an asp.net application that supports form authentication. My
    > > > > application is going to be called by another legacy application (HTML) which
    > > > > does the initial authentication.Something like this:
    > > > >
    > > > > <form name="form1" action="auth.asp" method="post" >
    > > > > .....
    > > > > </form>
    > > > >
    > > > > How can I implement "Forms Authentication Across Applications" in this
    > > > > case? I assume sending authentication information via query string is my
    > > > > only option, right?
    > > > >
    > > > > Thanks a lot
    > > > >
    > > > > Fariba
    > > > > ASP.NET ISharp - Cairo
    > > > >
    > > > >
    =?Utf-8?B?RmFyaWJh?=, May 16, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. JC
    Replies:
    1
    Views:
    545
  2. Eric
    Replies:
    2
    Views:
    1,399
    Tommy
    Feb 13, 2004
  3. Tod Birdsall, MCSD for .NET

    Sharing Authentication Across ASP.NET Applications

    Tod Birdsall, MCSD for .NET, Oct 14, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    769
    Tod Birdsall, MCSD for .NET
    Oct 19, 2005
  4. Janaka

    Forms Authentication across applications

    Janaka, May 10, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    169
    Janaka
    May 10, 2004
  5. Eric
    Replies:
    2
    Views:
    466
Loading...

Share This Page