Issue using ASP.NET forms authenticationwith frame redirect

D

dpomt

I am facing an issue using ASP.NET forms authentication.

Scenario:
Machine 1: http://subd1.provider1.com (1)
Frame redirect to http://subd.provider2.com
Machine 2: http://subd2.provider2.com (2)

For both URLs, I am getting the login page.
For (2), I could successfully login and the DestinationPageUrl is displayed
right after.
The problem is that for (1) after login the login page is displayed again
instead of the DestinationPageUrl.

I assume it has something to do with the frame redirect.

If I first go to (2) and successfully login and later go to (1), it tells me
I am already logged in and things work fine.

I have already try to use session state mode 'StateServer' with no success.


Any help would be greatly appreciated!
Dieter
 
W

Walter Wang [MSFT]

Hi Dieter,

I'm not very clear about your current configuration now, so I need to ask
for some information first:

1) Are you trying to achieve Single-Sign-On between different website
domain? Usually the forms authentication cookie (if cookie is enabled) can
be shared by domains subd1.domain.com and subd2.domain.com, but not between
subd.domain1.com and subd.domain2.com.
2) Do you mean that a page in the frameset is redirected to
http://subd.provider2.com and you will be presented two login pages? Is the
first login page also from domain provider2.com?
3) Are you encrypting forms authentication ticket? If this is the case, you
will need to make sure the machine key used between two websites are the
same, they're auto-generated by default.

Please see if following pages help:

#Single Sign On across multiple ASP.NET applications > Developer's Corner -
Resources for Developers > Knowledge Base
http://www.developer-corner.com/Resources/KnowledgeBase/tabid/118/articleTyp
e/ArticleView/articleId/23/Default.aspx


#Hosting Multiple Web Applications
http://msdn2.microsoft.com/en-us/library/aa302436.aspx


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
D

dpomt

Hello Walter,

thanks for your reply.
Concerning your questions:
1) no. The only thing I want is to use frame redirect to redirect a domain
hosted at provider A to my server (that runs the website) at provide B.
2) yes/yes
3) don't matter since I have no ASP.NET web at provider A (see 1))


Let me try to explain the issue more detailly:

(1)
http://subdomain.domain1.com/index.html
<html>
<head>
</head>
<frameset rows="100%">
<frame src="http://subdomain.domain2.com/" frameborder="0"
noresize="noresize"/>
</frameset>
</html>


(2)
http://subdomain.domain2.com/somepage.aspx

In http://subdomain.domain2.com/web.config, there is forms authentication
activated and somepage.aspx is secured:

<location path="somepage.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>




When calling (2), http://subdomain.domain2.com/somepage.aspx triggers
http://subdomain.domain2.com/login.aspx?ReturnUrl=/somepage.aspx. I then
could enter my credentials and right after, the content of
http://subdomain.domain2.com/somepage.aspx is displayed.

When calling (1), I will also get the login.aspx from (2) (through the
frame), but after entering my credentials, login.aspx is shown again and not
- as expected - the content of http://subdomain.domain2.com/somepage.aspx (in
the frame).


Hope things are getting clearer now.


"Walter Wang [MSFT]" said:
Hi Dieter,

I'm not very clear about your current configuration now, so I need to ask
for some information first:

1) Are you trying to achieve Single-Sign-On between different website
domain? Usually the forms authentication cookie (if cookie is enabled) can
be shared by domains subd1.domain.com and subd2.domain.com, but not between
subd.domain1.com and subd.domain2.com.
2) Do you mean that a page in the frameset is redirected to
http://subd.provider2.com and you will be presented two login pages? Is the
first login page also from domain provider2.com?
3) Are you encrypting forms authentication ticket? If this is the case, you
will need to make sure the machine key used between two websites are the
same, they're auto-generated by default.

Please see if following pages help:

#Single Sign On across multiple ASP.NET applications > Developer's Corner -
Resources for Developers > Knowledge Base
http://www.developer-corner.com/Resources/KnowledgeBase/tabid/118/articleTyp
e/ArticleView/articleId/23/Default.aspx


#Hosting Multiple Web Applications
http://msdn2.microsoft.com/en-us/library/aa302436.aspx


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
W

Walter Wang [MSFT]

Hi Dieter,

Thanks for your detailed explanation. Now I have clearer picture of the
issue.

I believe this is because IE by default rejects cookies from a frame and
ASP.NET Forms Authentication needs the cookie to be accepted at client-side
to be considered as "logged in".

Here's some explanation and possible workarounds:

#ASP.NET Resources - Frames, ASPX Pages and Rejected Cookies
http://aspnetresources.com/blog/frames_webforms_and_rejected_cookies.aspx

I think the simplest workaround will be to prevent your login page from
putting in a frameset by using javascript below:

<script type="text/javascript">
if (top != self)
top.location.href = location.href;
</script>


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
D

dpomt

Walter,

thanks a lot for your explanation. This makes sense and I now do understand
why the frame redirect does not work for me with ASP.NET authentication.
I think the simplest workaround will be to prevent your login page from
putting in a frameset by using javascript below:
...
This is no option for me since the only reason I am using frame redirect is
to see domain1 in the browser address bar instead of domain2.

I guess the only possibility for me will be to move the domain1 to the
provider that also hosts domain2.

Thanks again and best regards
Dieter

"Walter Wang [MSFT]" said:
Hi Dieter,

Thanks for your detailed explanation. Now I have clearer picture of the
issue.

I believe this is because IE by default rejects cookies from a frame and
ASP.NET Forms Authentication needs the cookie to be accepted at client-side
to be considered as "logged in".

Here's some explanation and possible workarounds:

#ASP.NET Resources - Frames, ASPX Pages and Rejected Cookies
http://aspnetresources.com/blog/frames_webforms_and_rejected_cookies.aspx

I think the simplest workaround will be to prevent your login page from
putting in a frameset by using javascript below:

<script type="text/javascript">
if (top != self)
top.location.href = location.href;
</script>


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top