Single Sign on for web apps on same box

Discussion in 'ASP .Net' started by Cowboy (Gregory A. Beamer), Nov 5, 2003.

  1. Quite a few months back, I was able to create a single sign on app for all
    apps on a single box (perhaps a domain, but never tested) by setting the
    auth cookie name to an identical value:

    <authentication mode="Forms">
      <forms name="SingleSignOn" loginUrl="login.aspx" />
    </authentication>

    I could then surf from app to app on the same box and the cookie, named the
    same, would allow me to bypass the logon form. I currently have an app in
    Framework 1.1, and I get the following:

    Default cookie - log into each app, each time, when I bounce from app to app
    Cookies with same name - same behavior
    Cookies with diff name - log in once to each app, can then surf back and
    forth

    The actual test code is as follows:

    web.config
    -----------
    <authentication mode="Forms">
      <forms name="test1" loginUrl="login.aspx" timeout="30"
             slidingExpiration="true" path="/">
        <credentials passwordFormat="Clear">
          <user name="Joe" password="password" />
        </credentials>
      </forms>
    </authentication>

    <authorization>
      <allow users="Joe" /> <!-- Allow only the user Joe -->
      <deny users="?" /> <!-- Deny anonymous users -->
    </authorization>

    Login.aspx
    -----------
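    // Code-behind method; requires: using System.Web.Security;
    private void LoginButton_Click(object sender, System.EventArgs e)
    {
        // Check the submitted name and password against <credentials> in web.config
        if (FormsAuthentication.Authenticate(NameText.Text, PasswordText.Text))
        {
            Session["ID"] = Session.SessionID;
            // Issue a non-persistent auth cookie and return to the requested page
            FormsAuthentication.RedirectFromLoginPage("Joe", false);
        }
        else
        {
            BadPasswordLabel.Text = "This is not a valid login.";
        }
    }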

    My thought is either

    a) The methodology changed in Framework 1.1
    b) I am missing something I had working before

    At present, this is not a major issue, but it is something that is bugging
    me.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    **********************************************************************
    Think Outside the Box!
    **********************************************************************
     
    Cowboy (Gregory A. Beamer), Nov 5, 2003
    #1

  2. ANSWER: Single Sign on for web apps on same box

    If you ever have a problem, post here and your brain will figure it out.

    Here is the single sign on using Forms Authentication:

    1. Set up the authentication section:

    <authentication mode="Forms">
      <forms name="test1" loginUrl="login.aspx" timeout="30"
             slidingExpiration="true" path="/">
        <credentials passwordFormat="Clear">
          <user name="Joe" password="password" />
        </credentials>
      </forms>
    </authentication>

    In this case, the password is embedded, but it will actually pull from a
    database outside of test.

    2. Set up a machine key (this is the missing link in my app):

    <machineKey
      validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
      decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"
      validation="3DES"
    />

    I nabbed this from a site on the web, but it could just as easily have
    been created. The problem is each application creates its own key, if one is
    not specified. In my case, as I bounced from app to app, each app rewrote
    the cookie, using its own key. Thus, each new hit on the app, after a hit on
    another app, caused re-authentication, as it was reading garbage (wrong
    key).

    3. Set up app authorization to force logon:

    <authorization>
      <allow users="Joe" />
      <deny users="?" />
    </authorization>

    4. Repeat for additional applications.

    Now, I can bounce back and forth without problem.


    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    **********************************************************************
    Think Outside the Box!
    **********************************************************************
     
    Cowboy (Gregory A. Beamer), Nov 5, 2003
    #2
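
Added example, not part of the original posts: a simplified Python model (HMAC-SHA1 standing in for ASP.NET's ticket protection, not its real cookie format) of the behaviour described in the answer, where per-application keys force a re-login and one shared key does not. The helper `new_machine_key` is hypothetical and emits fresh random values with the same lengths as the element in the post; a key copied from a public site is known to anyone who finds it, and whoever holds the key can produce cookies the apps accept, so each deployment should generate its own.

```python
import hashlib
import hmac
import secrets

def new_machine_key() -> str:
    """Return a <machineKey> element with freshly generated random keys,
    using the same key lengths as the element in the post."""
    validation_key = secrets.token_hex(64).upper()   # 128 hex characters
    decryption_key = secrets.token_hex(24).upper()   # 48 hex characters
    return ('<machineKey validationKey="%s" decryptionKey="%s" validation="3DES" />'
            % (validation_key, decryption_key))

def issue_cookie(user: str, key: bytes) -> str:
    """Model of a protected auth cookie: hex payload plus a MAC over it."""
    payload = user.encode("utf-8").hex()
    mac = hmac.new(key, payload.encode(), hashlib.sha1).hexdigest()
    return payload + "." + mac

def read_cookie(cookie: str, key: bytes):
    """Return the user name if the MAC verifies under key, else None."""
    payload, _, mac = cookie.partition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha1).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None   # wrong key or altered cookie: treated as not logged in
    return bytes.fromhex(payload).decode("utf-8")

def bounce(app_keys: dict, user: str = "Joe") -> list:
    """Log in at the first app, then present the same cookie to every app."""
    apps = list(app_keys)
    cookie = issue_cookie(user, app_keys[apps[0]])
    return [(app, read_cookie(cookie, app_keys[app])) for app in apps]

# Constructed scenario 1: each app has its own auto-generated key.
separate = {"app1": secrets.token_bytes(64), "app2": secrets.token_bytes(64)}
# Constructed scenario 2: both apps are configured with one shared key.
shared_key = secrets.token_bytes(64)
shared = {"app1": shared_key, "app2": shared_key}

if __name__ == "__main__":
    print(bounce(separate))   # app2 does not accept the cookie issued by app1
    print(bounce(shared))     # both apps accept the cookie
    print(new_machine_key())
```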