Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Jun 21, 2012 06:02 AM by Rabih Matar
Jun 15, 2012 07:35 AM|LINK
I have a web application which requires to open several other applications via hyper links, can any body tell me what is the best practise would be ? would there be any complication when managing the sessions?
Jun 15, 2012 08:46 AM|LINK
I'd imagine one way to do would be by issuing some sort of authorisation cookie on the initial login
Jun 15, 2012 12:14 PM|LINK
What I understand from your question is that you are looking for Single-Sign on application implementation. Have a look at this link:
I hope you find it useful.
Jun 18, 2012 02:31 PM|LINK
Check the below useful links!
Hope it helps u...
Jun 18, 2012 09:55 PM|LINK
Try SAML (Security Assertion Markup Language) based SSO for multi-domain single sign-on. The following URL has some helpful links on implementing SAML based SSO using ASP.NET.
Hope this helps.
Jun 20, 2012 10:22 AM|LINK
In my case i have a link in my application that opens page in another application( i implemented below to access page without specifying login data again) -- In my senario (business limitation) i cannot use microsoft technology of single login
All the issue is around the applications should share same session(session variable can be read from all applications)
here i am making the 2 applications have same session db and an read sessions between themselves.
1-The two applications should be hosted on the same IIS
2- The two application should have the same application Name ( a setting added to the <sessionState .......></sessionState> in web config).
eg: <sessionState mode="SQLServer" sqlConnectionString="data source=.\;user id=qqq;password=qDqa0d21f@1;Application Name=TEST" timeout="30" />
3- A stored procedure ( dbo.TempGetAppID ) is modified to read application name setting. ( stored procedure in ASPState database)
4- the two applications should have the same domain name.
5- session timeout the same for both applications
Jun 21, 2012 03:53 AM|LINK
Thank you for your valuable information, let me explain my scenario, i have a web application which does not have database totally integrated with web services from a third party vendor, and they have a separate asp.net web application also. what i have
to do is if a end user logs into my application , by clicking a link he should be able to work in the site, as a logged in user and vice versa from that site to mine also,
my problem is how to achieve that., it would be great help if you provide a guidance..
thanks in advance,
Jun 21, 2012 06:02 AM|LINK
Please tell me if your scenario is like mine :
my scenario i have a web application and my partner has his web application, from my application i have links that target pages in partner's application, so we decided if a user is logged in from one application he should be considerd logged in in the other
First of all the users should exist in both applications ( in my scenario i am sending the email address to second application to check if user exists in partner's application)
(Email address is stored in a session variable), so i seeked a way so that second application can read this session.
The session state should be saved on server (MSSQL -- DataBase ASPSTATE), for the two applications to use same session id in aspstate db
i gaved the same application name for both application in their settings: here i gaved the value TEST
<sessionState mode="SQLServer" sqlConnectionString="data source=.\;user id=sa;password=sasql;Application Name=TEST" timeout="30" />
the stored procedure TempGetAppID in ASPSTATE DB should be altered as below :
ALTER PROCEDURE [dbo].[TempGetAppID]
@appId int OUTPUT
-- start change
-- Use the application name specified in the connection for the appname if specified
-- This allows us to share session between sites just by making sure they have the
-- the same application name in the connection string.
DECLARE @connStrAppName nvarchar(50)
SET @connStrAppName = APP_NAME()
-- .NET SQLClient Data Provider is the default application name for .NET apps
IF (@connStrAppName <> '.NET SQLClient Data Provider')
SET @appName = @connStrAppName
-- end change
SET @appName = LOWER(@appName)
SET @appId = NULL
SELECT @appId = AppId
WHERE AppName = @appName
IF @appId IS NULL BEGIN
SELECT @appId = AppId
FROM [ASPState].dbo.ASPStateTempApplications WITH (TABLOCKX)
WHERE AppName = @appName
IF @appId IS NULL
EXEC GetHashCode @appName, @appId OUTPUT
IF @@ERROR = 2627
DECLARE @dupApp tAppName
SELECT @dupApp = RTRIM(AppName)
WHERE AppId = @appId
RAISERROR('SQL session state fatal error: hash-code collision between applications ''%s'' and ''%s''. Please rename the 1st application to resolve the problem.',
18, 1, @appName, @dupApp)
You can do a test scenario create two small web applications and host them in your local IIS ( as i did)
from application 1 (on link click or whatever) give a value for session variable for eg let it be session["Login"] = 1 and redirect for the link in the second application
in second application test the session variable and see if it has value, and depending on value you know whether the user is logged in or not
(ofcurs if session is null then something is wrong and you were not able to share sessions between applications)
now lets continue :
From second application ( here i provide you with code from my application where Session["TVTCUser"] is the variable passed from first application with my own logic ) i wrote the following :
if (Session["TVTCUser"] != null)
string emailAddress = Session["TVTCUser"].ToString();
if (UserAccountIsDuplicateEmail("", emailAddress))
string userName = new ProviderMembership().Membership.GetUserNameByEmail(emailAddress);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), false, "", FormsAuthentication.FormsCookiePath);
string encTicket = FormsAuthentication.Encrypt(ticket);
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
Response.Redirect(FormsAuthentication.GetRedirectUrl("", false), false);