SSO with FormsAuthntication authenticating in a single site

Discussion in 'ASP .Net Security' started by Arturo Martinez, Mar 9, 2009.

  1. We are working on a few portals. The system design is set to authenticate in
    a single site because we only want to purchase one ssl certificate for the
    whole system.
    The whole authentication works just fine between all the sites. The problem
    is that when being redirected after login to the system the page cannot be
    found of course because forms authentication only sends the the absolute path
    of the protected page in the ReturnUrl QueryString variable.
    In order to get to the page I need to reenter the initial Url and I'm logged
    in.

    Current situation:

    http://site1.domain.com/protectedpage.aspx --> redirects to
    https://ssl.domain.com/login/?ReturnUrl=protectedpage.aspx

    Wanted situation:

    http://site1.domain.com/protectedpage.aspx --> redirects t
    https://ssl.domain.com/login/?ReturnUrl=http://site1.domain.com/protectedpage.aspx

    Is it possible to inject more text to the ReturnUrl variable within
    FormsAuthenticationModule before redirection?
    If I try to redirect to the login page on Application_AuthenticateRequest
    with my own code I'm being sent to the login page over and over.

    I'm also being sent to the login page even when trying to access non
    protected pages.

    I already know how to set authorization for different locations in
    web.config so this is not the issue.

    Please help
     
    Arturo Martinez, Mar 9, 2009
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.