Hello, I was ask to pass a session from one application to another. This is so that only the admin is able to view specific pages. I tried the femiani code from codeproject but it didnt work. The 1st app, when entering the page, will immediately direct to
the 2nd app if the user is authenticated.
So now my supervisor suggest using sqlserver to store the session. The only problem is I am unsure how the 2nd app will be able to find the specific session in the sql server. I cannot use querystring as fear of sql injection occuring. Any ideas on what
ID and how the other app can obtain that ID? One person suggest using cookies, but all examples I've seen is using cookies in one app so I am unsure whether it will work for different apps. Any suggestions and ideas is very mmuch appreciated.
Hai, these are two applications, the only problem I have is the fact that the 2nd app does not have the same session as the 1st app. So I want to know how to share apps between applications. This is for authentication so if I use this method will it work
: http://msdn.microsoft.com/en-us/library/eb0zx8fc(VS.80).aspx
What you could do is create a Session table in your data base. each session would have an ID, a GUID, and a SessionExpire(DateTime).
Then you could save the GUID as a cookie. Then anytime a person hits a secure page in either app you check your Session table for the GUID. Then you could compare the SessionExpiration against DateTime.Now. As long as is not expired you allow access. This
would give you a "global session" between apps.
Another thing that would be better would also be to have an associated application table with each application you have. When you authenticat the user you could store the ID'd of the associated apps they are allowed to have access to in your sesssion table.
That way if you have people that can have access to just one app can be restricted to that app, and people that need access to both can have access to both.
hope it helps!
Doers get what they want! Everyone else gets what they get.
hmm, the 1st App, is where we store all the authenticated ID, the other apps are the normal websites which also contain only auth restricted pages. Your idea of storing guid in cookies is interesting. Does that mean a querystring will be created?? How will
the cookie be recognize by the 2nd app and how can I store the session in cookie??
This
link tells you everything you need to know about cookies in asp.net: reading, writing, modifying and deleting. Your going to have to write to logic to write the cookie, read the cookie, and restict access. cookies and query strings are two different things.
You could pass the GUID around in the url as a query string, but in my opinion its easier to use cookies.
Hope it helps!
Doers get what they want! Everyone else gets what they get.
You'll have to check to se if the cookie is there.
private Guid myGuid;
if(Request.Cookies["AuthCookie"] != null)
{
myGuid = new Guid();
myGuid = Request.Cookies["AuthCookie"] as Guid;
}
Then you'll have to call to your DB and check if the Guid is stored in it. If it is retreive the SessionExpiration value from the table and check that the session is still good. If it is allow access to the page if not redirect.
Hope it helps!
Doers get what they want! Everyone else gets what they get.
the code that you give is for the 1st or the 2nd App? Since the code looks like it is creating and assigning a cookie to the guid I am assuming it is for the 1st App. I am unsure on how to check see whether the cookie is there? Can you show me code to check
for cookie? And do I need to write anything in web.config, in order for both apps to be able to use the cookies??
colol
Member
117 Points
542 Posts
Help in session problems
Nov 07, 2012 11:33 PM|LINK
Hello, I was ask to pass a session from one application to another. This is so that only the admin is able to view specific pages. I tried the femiani code from codeproject but it didnt work. The 1st app, when entering the page, will immediately direct to the 2nd app if the user is authenticated.
This is how the code look like in the 1st app:
protected void Page_Load(object sender, EventArgs e) { string userName = Page.User.Identity.Name; bool result = b.Auth(userName); Session["Auth"] = result; if (result == true) { Response.Redirect("app1/admin/Default.aspx"); } else { Response.Redirect("app2/normal/error.aspx"); } }and the master page in app2 to allow only admin to enter:
protected void Page_Load(object sender, EventArgs e) { if (Session["Auth"] == null || false) { Response.Redirect("app2/normal/behind/Login.aspx"); } }So now my supervisor suggest using sqlserver to store the session. The only problem is I am unsure how the 2nd app will be able to find the specific session in the sql server. I cannot use querystring as fear of sql injection occuring. Any ideas on what ID and how the other app can obtain that ID? One person suggest using cookies, but all examples I've seen is using cookies in one app so I am unsure whether it will work for different apps. Any suggestions and ideas is very mmuch appreciated.
remojr76
Participant
902 Points
303 Posts
Re: Help in session problems
Nov 08, 2012 12:16 AM|LINK
You cannot check to see if the value is false there because your stored an object in the session not a boolean. This would be correct:
protected void Page_Load(object sender, EventArgs e) { if(Session["Auth"] != null) { bool result = (bool)Session["Auth"]; } else if(Session["Auth"] == null || result == false) { Response.Redirect("app2/normal/behind/Login.aspx"); } }hope it helps!
colol
Member
117 Points
542 Posts
Re: Help in session problems
Nov 08, 2012 12:31 AM|LINK
Hai, these are two applications, the only problem I have is the fact that the 2nd app does not have the same session as the 1st app. So I want to know how to share apps between applications. This is for authentication so if I use this method will it work : http://msdn.microsoft.com/en-us/library/eb0zx8fc(VS.80).aspx
remojr76
Participant
902 Points
303 Posts
Re: Help in session problems
Nov 08, 2012 12:41 AM|LINK
What you could do is create a Session table in your data base. each session would have an ID, a GUID, and a SessionExpire(DateTime).
Then you could save the GUID as a cookie. Then anytime a person hits a secure page in either app you check your Session table for the GUID. Then you could compare the SessionExpiration against DateTime.Now. As long as is not expired you allow access. This would give you a "global session" between apps.
Another thing that would be better would also be to have an associated application table with each application you have. When you authenticat the user you could store the ID'd of the associated apps they are allowed to have access to in your sesssion table. That way if you have people that can have access to just one app can be restricted to that app, and people that need access to both can have access to both.
hope it helps!
colol
Member
117 Points
542 Posts
Re: Help in session problems
Nov 08, 2012 12:52 AM|LINK
hmm, the 1st App, is where we store all the authenticated ID, the other apps are the normal websites which also contain only auth restricted pages. Your idea of storing guid in cookies is interesting. Does that mean a querystring will be created?? How will the cookie be recognize by the 2nd app and how can I store the session in cookie??
remojr76
Participant
902 Points
303 Posts
Re: Help in session problems
Nov 08, 2012 01:23 AM|LINK
This link tells you everything you need to know about cookies in asp.net: reading, writing, modifying and deleting. Your going to have to write to logic to write the cookie, read the cookie, and restict access. cookies and query strings are two different things. You could pass the GUID around in the url as a query string, but in my opinion its easier to use cookies.
Hope it helps!
colol
Member
117 Points
542 Posts
Re: Help in session problems
Nov 08, 2012 01:36 AM|LINK
thank you but how will the 2nd App recognize the cookie from the 1st App??
remojr76
Participant
902 Points
303 Posts
Re: Help in session problems
Nov 08, 2012 01:48 AM|LINK
You'll have to check to se if the cookie is there.
private Guid myGuid; if(Request.Cookies["AuthCookie"] != null) { myGuid = new Guid(); myGuid = Request.Cookies["AuthCookie"] as Guid; }Then you'll have to call to your DB and check if the Guid is stored in it. If it is retreive the SessionExpiration value from the table and check that the session is still good. If it is allow access to the page if not redirect.
Hope it helps!
colol
Member
117 Points
542 Posts
Re: Help in session problems
Nov 08, 2012 02:01 AM|LINK
the code that you give is for the 1st or the 2nd App? Since the code looks like it is creating and assigning a cookie to the guid I am assuming it is for the 1st App. I am unsure on how to check see whether the cookie is there? Can you show me code to check for cookie? And do I need to write anything in web.config, in order for both apps to be able to use the cookies??
remojr76
Participant
902 Points
303 Posts
Re: Help in session problems
Nov 08, 2012 02:20 AM|LINK
No that was how to read the cookie in the second app. You do not have to do anything in the web.config file.
this is how you write a cookie:
you should expire the cookie the same as the SessionExpiration value in the DB.
Hope it helps!