Forms Authentication across applications

Janaka

I've read the material on Forms Authentication and I've set this up for
several websites without any problems. Basically there are 2 applications for
each site.
1. The "www" application for the non-secure pages - http://www.domain.com
2. The "secure" application for sensitive pages like checkout, login,
etc. - https://secure.domain.com

All sites follow this format. The application files are on physically
separate machines.

Now the problem I'm having is that I'd like to use the Forms Authentication
cookie to see whether the user has been authenticated on my "www" pages.
However, it appears as if they haven't logged in. I had a look at the MSDN
article to set up authentication across applications
( http://msdn.microsoft.com/library/d.../html/cpconformsauthenticationcredentials.asp )
but found the isolateApplications attribute doesn't exist??
As you can see, this isn't stated on the <machineKey> reference either:
http://msdn.microsoft.com/library/d...n-us/cpgenref/html/gngrfmachinekeysection.asp

Has anyone gotten forms authentication to work between 2 applications? I'd
like to use SSL for my login page but it appears that won't work because the
first part of the domain is different?
 
Hernan de Lahitte

You might have a cookie persistence issue with your cross-domain
scenario. You have some good hints about this here:
http://www.codeproject.com/aspnet/aspnetsinglesignon.asp.
About the SSL certificate issue, you should have a cert. for
secure.domain.com, which is where your secure pages reside.
"isolateApplications" is not an attribute; it's a modifier to the
decryptionKey or validationKey attributes, and the usage is as stated in the
machine key help.

<machineKey validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
validation="SHA1"/>

The isolateApps option is specified to generate unique keys for each
application on the server. Unfortunately, the sample in your first link is
wrong.

--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl

This posting is provided "AS IS" with no warranties, and confers no rights.
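
For the two-application setup discussed in this thread, a web.config fragment that lets both applications read the same ticket (an added example, not part of either post). It assumes ASP.NET 2.0 or later for the `domain` attribute on `<forms>`; the key values are placeholders and the cookie name is illustrative.

```xml
<!-- Added example. Put the same <machineKey> and <forms> settings in the
     web.config of BOTH applications (www and secure). -->
<configuration>
  <system.web>
    <!-- AutoGenerate (with or without IsolateApps) gives each machine and
         application its own keys, so a ticket issued by one application
         fails validation in the other. Explicit, identical keys avoid that.
         The values below are placeholders: generate random hex keys and
         store them as secrets. -->
    <machineKey validationKey="PLACEHOLDER_SHARED_VALIDATION_KEY_HEX"
                decryptionKey="PLACEHOLDER_SHARED_DECRYPTION_KEY_HEX"
                validation="SHA1" />
    <authentication mode="Forms">
      <!-- name, path and protection must match in both applications.
           domain (assumed ASP.NET 2.0 or later) scopes the cookie to the
           parent domain so the browser sends it to both host names. -->
      <forms name=".ASPXAUTH"
             domain="domain.com"
             path="/"
             protection="All" />
    </authentication>
  </system.web>
</configuration>
```

Setting `requireSSL="true"` would mark the cookie Secure, so the browser would not send it to http://www.domain.com; with this layout the ticket travels unencrypted on every request to the "www" application.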

Janaka

Thanks, I'll give this a go and see how it turns out.