FormsAuthentication problem with popup login window

Discussion in 'ASP .Net Security' started by Mark Farragher, Sep 25, 2003.

  1. I have a problem with FormsAuthentication:

    I have two web applications:
    http://localhost/bx/authentication
    http://localhost/myapp

    I have a 'login' hyperlink in MyApp that opens
    http://localhost/bx/authentication/login.aspx in a popup window. The popup
    window has a username and password text field and an ok button. The postback
    code for the ok button is:

    ....
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1, txtUID.Text, DateTime.Now, DateTime.Now.AddMinutes(30), false,
    myPayload);
    string ticketstring = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
    ticketstring);
    Response.Cookies.Add(cookie);
    ....

    The web.config file in both applications has an authentication section:

    ....
    <authentication mode="Forms">
    <forms name="BXAuthentication" protection="All" />
    </authentication>
    ....

    This does not work. User.Identity is always null in MyApp. The weird thing
    is that when I add this code to MyApp's Page_Load method:

    Response.Write
    (Request.Cookies[FormsAuthentication.FormsCookieName].Value.ToString());

    I can actually see the serialized login ticket!! So the cookie is passed
    correctly from the popup window to MyApp, but somehow this does not count as
    being authenticated. How can I get MyApp to 'accept' the cookie? What am I
    missing? Is authentication accross AppDomains possible at all?

    Thanks for any help,

    Mark
    Mark Farragher, Sep 25, 2003
    #1
    1. Advertising

  2. Mark Farragher

    Me2 Guest

    Look here for information regarding authentication across applications:

    http://msdn.microsoft.com/library/d...us/cpguide/html/cpconaspnetauthentication.asp

    --
    Ralph Page MBA, CMBA, MCDBA, MCSE, CCNA
    -------------------------------------------------------------------------
    "However beautiful the strategy, you should occasionally look at the
    results."
    -- Winston Churchill
    -------------------------------------------------------------------------
    "Mark Farragher" <> wrote in message
    news:#...
    > I have a problem with FormsAuthentication:
    >
    > I have two web applications:
    > http://localhost/bx/authentication
    > http://localhost/myapp
    >
    > I have a 'login' hyperlink in MyApp that opens
    > http://localhost/bx/authentication/login.aspx in a popup window. The popup
    > window has a username and password text field and an ok button. The

    postback
    > code for the ok button is:
    >
    > ....
    > FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    > 1, txtUID.Text, DateTime.Now, DateTime.Now.AddMinutes(30), false,
    > myPayload);
    > string ticketstring = FormsAuthentication.Encrypt(ticket);
    > HttpCookie cookie = new

    HttpCookie(FormsAuthentication.FormsCookieName,
    > ticketstring);
    > Response.Cookies.Add(cookie);
    > ....
    >
    > The web.config file in both applications has an authentication section:
    >
    > ....
    > <authentication mode="Forms">
    > <forms name="BXAuthentication" protection="All" />
    > </authentication>
    > ....
    >
    > This does not work. User.Identity is always null in MyApp. The weird thing
    > is that when I add this code to MyApp's Page_Load method:
    >
    > Response.Write
    > (Request.Cookies[FormsAuthentication.FormsCookieName].Value.ToString());
    >
    > I can actually see the serialized login ticket!! So the cookie is passed
    > correctly from the popup window to MyApp, but somehow this does not count

    as
    > being authenticated. How can I get MyApp to 'accept' the cookie? What am I
    > missing? Is authentication accross AppDomains possible at all?
    >
    > Thanks for any help,
    >
    > Mark
    >
    >
    Me2, Sep 29, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?S2FseWFuaQ==?=

    Redirecting to login page from a popup window.

    =?Utf-8?B?S2FseWFuaQ==?=, Jun 21, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    852
    =?Utf-8?B?c3Jpbmk=?=
    Jun 21, 2005
  2. =?Utf-8?B?Sm9obiBXYWxrZXI=?=

    Popup Window Popup Timing

    =?Utf-8?B?Sm9obiBXYWxrZXI=?=, Nov 4, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    834
    =?Utf-8?B?Sm9obiBXYWxrZXI=?=
    Nov 4, 2005
  3. Mark Farragher

    FormsAuthentication problem with popup login window

    Mark Farragher, Sep 25, 2003, in forum: ASP .Net Security
    Replies:
    0
    Views:
    154
    Mark Farragher
    Sep 25, 2003
  4. Jens Peter Hansen
    Replies:
    7
    Views:
    501
    Randy Webb
    Jun 19, 2004
  5. Raffi
    Replies:
    4
    Views:
    204
    Dr John Stockton
    Aug 12, 2004
Loading...

Share This Page