Single sign on across domain

[Purushottam Khandebharad]

Hi,

I have to implement single sign on between 2 web application, 1st is
asp.net2.0 web app and 2nd is asp.net 1.1 web app, domains of both the
applications are diff.

I have already configured forms authentication for both the
applications and <<<its working if both the applications are on
"localhost" " >>> but if I try to use 2nd application on different
machine, the forms authentication ticket cookie created by first app is
not recognized by 2nd application.

P.S.: please be clear that i have used
1. same forms auth cookie name for both the apps
2. path is "/" for both
3. protection is "All" for both apps
4. Machine keys are same for both apps.

Configuration and code for bothe apps are as follows
---------------------------------------------------------------------------------------
Asp.net 2.0 App configuration
---------------------------------------------------------------------------------------

<system.web>
<authentication mode="Forms" >
<forms name=".AUTH"
loginUrl="Login.aspx"
protection="All"
domain=""
path="/"
timeout="20"
slidingExpiration="true"
enableCrossAppRedirects="true" />
</authentication>

<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>

<machineKey
validationKey='5C9D7A8F3E336275166075E596F19EB9B478F771C7FE45B65BF6E9B41BA9575F04672CCC4242B2245200CD0E63A8991CA6BFB2D77FE9C5B0D69889359574C5F3'
decryptionKey='AF96F355CEC57EFD2F996515BF465DD399FAF7B806B2CD55'
validation='SHA1'
decryption='3DES' />

</system.web>

---------------------------------------------------------------------------------------
code on login page login button click
---------------------------------------------------------------------------------------

FormsAuthentication.SetAuthCookie(TextBox1.Text.Trim(), false);

Response.Redirect(FormsAuthentication.GetRedirectUrl(TextBox1.Text.Trim(),
false));


---------------------------------------------------------------------------------------
Configuration for asp.net 1.1 application
---------------------------------------------------------------------------------------
<system.web>
<authentication mode="Forms" >
<forms name=".AUTH"
loginUrl="Login.aspx"
protection="All"
domain=""
path="/"
timeout="20"
slidingExpiration="true"/>
</authentication>

<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>

<machineKey
validationKey='5C9D7A8F3E336275166075E596F19EB9B478F771C7FE45B65BF6E9B41BA9575F04672CCC4242B2245200CD0E63A8991CA6BFB2D77FE9C5B0D69889359574C5F3'
decryptionKey='AF96F355CEC57EFD2F996515BF465DD399FAF7B806B2CD55'
validation='SHA1'/>

</system.web>

If anybody thinks that giving domain names (like "aap1.sso.com" and
"app2.sso.com") will work then let me clear my efforts on that , i
tried setting domain name for asp.net2.0 app in configuration of forms
authentication and it accepts domain name only when i use
cookieless="UseUri" but i am not able to configure domain name on 2nd
app ( asp.net 1.1) still it fails to authenticate when redirected to
2nd app( it asks for login again)

My requirement is bit urgent, it will be helpful if anybody gives me
solution soon

Thanks in advance

Regards,
Purushottam Khandebharad

 

[Joe Kaplan \(MVP - ADSI\)]

In order for the browser to replay the cookie to both apps, the cookie
domain should be part of a DNS domain that is shared by both apps. Thus, if
you have app1.yourdomain.com and app2.yourdomain.com, set the cookie domain
to yourdomain.com and the browser should replay the cookie to both apps when
visited using those DNS names.

If the apps don't share some part of a DNS name in common, you won't get
this to work. This is just how cookies work.

Joe K.

 

[Dominick Baier [DevelopMentor]]

if you don't have a contiguous domain namespace - as Joe already pointed
out - cookies will not work. Cookieless is the only option here.

 

[Purushottam Khandebharad]

Thanks Joe Kaplan, i will try your solution.