I am working on a system composed of two domains. The main website has a login box with takes the users info with their site name and redirect them the the correct domain or website.
I can't make it, so once passing the encrypted information the next domain login page, authenticate the user and foward the request toi default page it would redirect them back the it's login page.
What am I doing wrong?
Main Page Login Page.
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
SiteInfo site;
string redirectUrl = "";string siteName = ((TextBox)Login1.FindControl("siteName")).Text;
string loginName = ((TextBox)Login1.FindControl("UserName")).Text;string password = ((TextBox)Login1.FindControl("Password")).Text;if (siteName != "")
{
strConnections.TryGetValue(siteName.ToLower(),
out site);if (site != null)
{
redirectUrl = site.RedirectURL;
SymCryptography cryptic = new SymCryptography();
cryptic.Key =
"wqdj~yriu!@*k0_^fa7431%p$#=@hd+&";string EncryptedPass = cryptic.Encrypt(loginName + ":" + password);
HttpCookie hp = FormsAuthentication.GetAuthCookie(Login1.UserName, false);hp.Domain = "andrew.com";
Response.AppendCookie(hp);
Response.Redirect(redirectUrl + "/loginPage.aspx?name=" + Server.UrlEncode(EncryptedPass), true);
}
else
{
((Literal)Login1.FindControl("FailureText")).Text = "Incorrect login information, please try again.";return;
}
}
else
{
((Literal)Login1.FindControl("FailureText")).Text = "Please provide a site name.";return;
}
}
Website two loginpage.
if (Request["name"] != null)
{
//HttpCookie cookie = Request.Cookies[0];SymCryptography cryptic = new SymCryptography();
cryptic.Key =
"wqdj~yriu!@*k0_^fa7431%p$#=@hd+&";temp = cryptic.Decrypt(Request["name"].ToString());if(temp != string.Empty)
{
indx = temp.IndexOf(':');
loginame = temp.Substring(0, (temp.Length - (temp.Length - indx)));
password = temp.Substring(indx + 1, (temp.Length - (indx + 1)));
InvexError.LogFileName = @"c:\temp\errorLog.txt";InvexError.WriteError(new Exception(string.Format("loginname:{0} pass:{1}", loginame, password)));
if (Membership.ValidateUser(loginame, password))
{
// Create a new ticket used for authenticationFormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
// Ticket version
loginame,
// Username associated with ticket
DateTime.Now, // Date/time issued
DateTime.Now.AddMinutes(30), // Date/time to expire
true, // "true" for a persistent user cookie
null, // User-data, in this case the roles
FormsAuthentication.FormsCookiePath);// Path cookie valid for
// Encrypt the cookie using the machine key for secure transportstring hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(
FormsAuthentication.FormsCookieName, // Name of auth cookie
hash);
// Hashed ticket
// Set the cookie's expiration time to the tickets expiration timeif (ticket.IsPersistent) cookie.Expires = ticket.Expiration;
// Add the cookie to the list for outgoing response
Response.Cookies.Add(cookie);
Response.Redirect("default.aspx");
}
}
The global.asax file is:
protected void Application_AuthenticateRequest(Object sender,EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id =(FormsIdentity)HttpContext.Current.User.Identity;FormsAuthenticationTicket ticket = id.Ticket;
// Get the stored user-data, in this case, our rolesstring userData = ticket.UserData;
string[] roles = userData.Split(',');HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}
}
Any help, it would be apreciated.
Thanks.