Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Apr 27, 2012 01:45 PM by lak_2011
Apr 19, 2012 08:56 PM|LINK
What is a best way to share authentication between a dotnet site and a word press site?
Apr 19, 2012 09:02 PM|LINK
If you have app1.blah.com and app2.blah.com, it's very easy to do. Just set the domain and the name to the same value in the forms-section in web.config:
<authentication mode="Forms"> <forms loginUrl="login.aspx" name=".COOKIENAME" protection="All" path="/" domain="blah.com" timeout="30" /> </authentication>
An added benefit is that users can sign into either site and will still be authenticated if they go to the other one.
Apr 23, 2012 07:51 AM|LINK
As other members have suggested, the most common ways for sharing authentication info across different sites are using cookie. By default, HTTP cookie support sharing between multiple sites that are under the same parent/base domain name. e.g.
abc.microsoft.com def.microsoft.com xyz.microsoft.com microsoft.com
these sites can share cookie stored at the root domain path naturally. While sharing cookie across different domain will require additional work on the sites that need to share cookie between each other. Here are some web reference:
#Sharing Cookies Across Domains
#Forms Authentication Across Applications
Also, it is also possible to leverage some 3rd party centralized authentication service such as the Windows Live ID authentication for sharing authentication info acrossed multiple site/web applications.
#Windows Live ID Web Authentication SDK
Apr 26, 2012 05:56 PM|LINK
Thanks for reply.
my situation is like this.
I have a web application (C# - ASP.net) that needs to pass a user to another site(word press site) which is running on different server. I need to be able to pass a user creditentials to this server to allow users authenticated by my application to use word
press site without being prompted to enter credentials. it should be secure. for this situation can i share cookies(encrypted)?
Apr 27, 2012 02:22 AM|LINK
Thanks for followup.
It is important that whether the wordpress target site is also controlled by you(you can add code logic on it)? If not, I'm afraid that what we can do is quite limited. Sharing cookie between web sites (under different domain) is prohibited due to security
reason (for most mainstream browsers). And for such scenario, your web app and the wordpress web app need to define a custom authentication process for them to communicate with each other. Such as use querystring to pass some encrypted security token which
can be used for verify if the current user has been authenticated or not.
Apr 27, 2012 01:45 PM|LINK
I can add code on wordpress site.