I have a web application which requires to open several other applications via hyper links, can any body tell me what is the best practise would be ? would there be any complication when managing the sessions?
Try SAML (Security Assertion Markup Language) based SSO for multi-domain single sign-on. The following URL has some helpful links on implementing SAML based SSO using ASP.NET.
Please remember to click “Mark as Answer” on the post that helps you and to unmark it if a marked post does not actually answer your question.
Thank you!
----------------------
"Microsoft Community Contributor Award 2011"
In my case i have a link in my application that opens page in another application( i implemented below to access page without specifying login data again) -- In my senario (business limitation) i cannot use microsoft technology of single login
All the issue is around the applications should share same session(session variable can be read from all applications)
here i am making the 2 applications have same session db and an read sessions between themselves.
1-The two applications should be hosted on the same IIS
2- The two application should have the same application Name ( a setting added to the <sessionState .......></sessionState> in web config).
Thank you for your valuable information, let me explain my scenario, i have a web application which does not have database totally integrated with web services from a third party vendor, and they have a separate asp.net web application also. what i have
to do is if a end user logs into my application , by clicking a link he should be able to work in the site, as a logged in user and vice versa from that site to mine also,
my problem is how to achieve that., it would be great help if you provide a guidance..
my scenario i have a web application and my partner has his web application, from my application i have links that target pages in partner's application, so we decided if a user is logged in from one application he should be considerd logged in in the other
application.
First of all the users should exist in both applications ( in my scenario i am sending the email address to second application to check if user exists in partner's application)
(Email address is stored in a session variable), so i seeked a way so that second application can read this session.
The session state should be saved on server (MSSQL -- DataBase ASPSTATE), for the two applications to use same session id in aspstate db
i gaved the same application name for both application in their settings: here i gaved the value TEST
the stored procedure TempGetAppID in ASPSTATE DB should be altered as below :
ALTER PROCEDURE [dbo].[TempGetAppID]
@appName tAppName,
@appId int OUTPUT
AS
-- start change
-- Use the application name specified in the connection for the appname if specified
-- This allows us to share session between sites just by making sure they have the
-- the same application name in the connection string.
DECLARE @connStrAppName nvarchar(50)
SET @connStrAppName = APP_NAME()
-- .NET SQLClient Data Provider is the default application name for .NET apps
IF (@connStrAppName <> '.NET SQLClient Data Provider')
SET @appName = @connStrAppName
-- end change
SET @appName = LOWER(@appName)
SET @appId = NULL
SELECT @appId = AppId
FROM [ASPState].dbo.ASPStateTempApplications
WHERE AppName = @appName
IF @appId IS NULL BEGIN
BEGIN TRAN
SELECT @appId = AppId
FROM [ASPState].dbo.ASPStateTempApplications WITH (TABLOCKX)
WHERE AppName = @appName
IF @appId IS NULL
BEGIN
EXEC GetHashCode @appName, @appId OUTPUT
INSERT [ASPState].dbo.ASPStateTempApplications
VALUES
(@appId, @appName)
IF @@ERROR = 2627
BEGIN
DECLARE @dupApp tAppName
SELECT @dupApp = RTRIM(AppName)
FROM [ASPState].dbo.ASPStateTempApplications
WHERE AppId = @appId
RAISERROR('SQL session state fatal error: hash-code collision between applications ''%s'' and ''%s''. Please rename the 1st application to resolve the problem.',
18, 1, @appName, @dupApp)
END
END
COMMIT
END
RETURN 0
------------------
You can do a test scenario create two small web applications and host them in your local IIS ( as i did)
from application 1 (on link click or whatever) give a value for session variable for eg let it be session["Login"] = 1 and redirect for the link in the second application
in second application test the session variable and see if it has value, and depending on value you know whether the user is logged in or not
(ofcurs if session is null then something is wrong and you were not able to share sessions between applications)
now lets continue :
From second application ( here i provide you with code from my application where Session["TVTCUser"] is the variable passed from first application with my own logic ) i wrote the following :
if (Session["TVTCUser"] != null)
{
string emailAddress = Session["TVTCUser"].ToString();
if (UserAccountIsDuplicateEmail("", emailAddress))
{
string userName = new ProviderMembership().Membership.GetUserNameByEmail(emailAddress);
roshan605
Member
38 Points
26 Posts
How to manage login to multiple sites from single login
Jun 15, 2012 07:35 AM|LINK
I have a web application which requires to open several other applications via hyper links, can any body tell me what is the best practise would be ? would there be any complication when managing the sessions?
Dr. Acula
Participant
1441 Points
319 Posts
Re: How to manage login to multiple sites from single login
Jun 15, 2012 08:46 AM|LINK
I'd imagine one way to do would be by issuing some sort of authorisation cookie on the initial login
Ebad86
Member
202 Points
37 Posts
Re: How to manage login to multiple sites from single login
Jun 15, 2012 12:14 PM|LINK
What I understand from your question is that you are looking for Single-Sign on application implementation. Have a look at this link:
http://forums.asp.net/post/2693763.aspx
I hope you find it useful.
roopeshreddy
All-Star
20119 Points
3320 Posts
Re: How to manage login to multiple sites from single login
Jun 18, 2012 02:31 PM|LINK
Hi,
Check the below useful links!
http://www.codeguru.com/csharp/.net/net_asp/tutorials/article.php/c19357/How-to-Share-SessionApplication-State-Across-Different-ASPNET-Web-Applications.htm
http://stackoverflow.com/questions/10391549/multiple-application-in-single-appdomain
http://stackoverflow.com/questions/5221715/multiple-applications-on-a-single-site-session-and-forms-authentication-scope
Hope it helps u...
Roopesh Reddy C
Roopesh's Space
santa_1975
Star
8574 Points
1499 Posts
Re: How to manage login to multiple sites from single login
Jun 18, 2012 09:55 PM|LINK
Try SAML (Security Assertion Markup Language) based SSO for multi-domain single sign-on. The following URL has some helpful links on implementing SAML based SSO using ASP.NET.
http://samlsso.codeplex.com/
Hope this helps.
Thank you!
----------------------
"Microsoft Community Contributor Award 2011"
Rabih Matar
Member
92 Points
33 Posts
Re: How to manage login to multiple sites from single login
Jun 20, 2012 10:22 AM|LINK
In my case i have a link in my application that opens page in another application( i implemented below to access page without specifying login data again) -- In my senario (business limitation) i cannot use microsoft technology of single login
All the issue is around the applications should share same session(session variable can be read from all applications)
here i am making the 2 applications have same session db and an read sessions between themselves.
1-The two applications should be hosted on the same IIS
2- The two application should have the same application Name ( a setting added to the <sessionState .......></sessionState> in web config).
eg: <sessionState mode="SQLServer" sqlConnectionString="data source=.\;user id=qqq;password=qDqa0d21f@1;Application Name=TEST" timeout="30" />
3- A stored procedure ( dbo.TempGetAppID ) is modified to read application name setting. ( stored procedure in ASPState database)
4- the two applications should have the same domain name.
5- session timeout the same for both applications
roshan605
Member
38 Points
26 Posts
Re: How to manage login to multiple sites from single login
Jun 21, 2012 03:53 AM|LINK
hi Rabih,
Thank you for your valuable information, let me explain my scenario, i have a web application which does not have database totally integrated with web services from a third party vendor, and they have a separate asp.net web application also. what i have to do is if a end user logs into my application , by clicking a link he should be able to work in the site, as a logged in user and vice versa from that site to mine also,
my problem is how to achieve that., it would be great help if you provide a guidance..
thanks in advance,
Rabih Matar
Member
92 Points
33 Posts
Re: How to manage login to multiple sites from single login
Jun 21, 2012 06:02 AM|LINK
Hi roshan,
Please tell me if your scenario is like mine :
my scenario i have a web application and my partner has his web application, from my application i have links that target pages in partner's application, so we decided if a user is logged in from one application he should be considerd logged in in the other application.
First of all the users should exist in both applications ( in my scenario i am sending the email address to second application to check if user exists in partner's application)
(Email address is stored in a session variable), so i seeked a way so that second application can read this session.
The session state should be saved on server (MSSQL -- DataBase ASPSTATE), for the two applications to use same session id in aspstate db
i gaved the same application name for both application in their settings: here i gaved the value TEST
<sessionState mode="SQLServer" sqlConnectionString="data source=.\;user id=sa;password=sasql;Application Name=TEST" timeout="30" />
the stored procedure TempGetAppID in ASPSTATE DB should be altered as below :
ALTER PROCEDURE [dbo].[TempGetAppID] @appName tAppName, @appId int OUTPUT AS -- start change -- Use the application name specified in the connection for the appname if specified -- This allows us to share session between sites just by making sure they have the -- the same application name in the connection string. DECLARE @connStrAppName nvarchar(50) SET @connStrAppName = APP_NAME() -- .NET SQLClient Data Provider is the default application name for .NET apps IF (@connStrAppName <> '.NET SQLClient Data Provider') SET @appName = @connStrAppName -- end change SET @appName = LOWER(@appName) SET @appId = NULL SELECT @appId = AppId FROM [ASPState].dbo.ASPStateTempApplications WHERE AppName = @appName IF @appId IS NULL BEGIN BEGIN TRAN SELECT @appId = AppId FROM [ASPState].dbo.ASPStateTempApplications WITH (TABLOCKX) WHERE AppName = @appName IF @appId IS NULL BEGIN EXEC GetHashCode @appName, @appId OUTPUT INSERT [ASPState].dbo.ASPStateTempApplications VALUES (@appId, @appName) IF @@ERROR = 2627 BEGIN DECLARE @dupApp tAppName SELECT @dupApp = RTRIM(AppName) FROM [ASPState].dbo.ASPStateTempApplications WHERE AppId = @appId RAISERROR('SQL session state fatal error: hash-code collision between applications ''%s'' and ''%s''. Please rename the 1st application to resolve the problem.', 18, 1, @appName, @dupApp) END END COMMIT END RETURN 0------------------
You can do a test scenario create two small web applications and host them in your local IIS ( as i did)
from application 1 (on link click or whatever) give a value for session variable for eg let it be session["Login"] = 1 and redirect for the link in the second application
in second application test the session variable and see if it has value, and depending on value you know whether the user is logged in or not
(ofcurs if session is null then something is wrong and you were not able to share sessions between applications)
now lets continue :
From second application ( here i provide you with code from my application where Session["TVTCUser"] is the variable passed from first application with my own logic ) i wrote the following :
if (Session["TVTCUser"] != null)
{
string emailAddress = Session["TVTCUser"].ToString();
if (UserAccountIsDuplicateEmail("", emailAddress))
{
string userName = new ProviderMembership().Membership.GetUserNameByEmail(emailAddress);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), false, "", FormsAuthentication.FormsCookiePath);
string encTicket = FormsAuthentication.Encrypt(ticket);
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
GenerateLoginData(userName);
Response.Redirect(FormsAuthentication.GetRedirectUrl("", false), false);
}
}
Regards.