Last post Jun 14, 2010 03:52 AM by yogesh chandra upreti
Sep 06, 2006 06:08 AM|usmaniac4life
Using Forms Authentication
Forms Authentication should be used for Single sign on into Multiple Applications.
<forms name=".Website" loginUrl="login.aspx" protection="All" timeout="30" path="/"/>
where ".Website" is the name of the cookie used to store user credentials for forms authentication.
Modifying the Machine Key
The machineKey element might be configured in the machine.config file or in the web.config file of every application sharing the same cookie. By default, the encryption key to encrypt cookie data is set to something like this in the machine.config file:
"IsolateApps" means that a different key will be auto-generated for each application. This setting can be overridden by writing the following code in the application's Web.config file:
The Machine key should be the same for all the applications sharing the same cookie (Using SSO).
Creating Domain Level Cookie to share same information between Applications
Here, we are using two domains:
The cookies will be stored in different files and will not be accessible to both applications. In order to make it work, we will need to create domain-level cookies that are visible to all sub-domains:
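' Build the ticket: version 1, named after the user, valid for one year
Dim fat As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, Login1.UserName, DateTime.Now, DateTime.Now.AddYears(1), False, "")
' The cookie name must match the name attribute of the <forms> element
Dim cookie As HttpCookie = New HttpCookie(".Website")
cookie.Value = FormsAuthentication.Encrypt(fat)
cookie.Expires = fat.Expiration
cookie.Domain = ".website.net"
' Keep the ticket out of reach of client-side script
cookie.HttpOnly = True
Response.Cookies.Add(cookie)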
Here, "cookie.Domain" specifies the name of the domain by which the cookie would be created. Hence if the Windows user has logged in with the account name as "Admin", the cookie would be created by the name:
The date of expiry is exactly one year after the date of creation. The ticket name would be the same as the user name. So this can be decrypted in the other application's Page Load when the request is redirected to another application.
The cookie is encrypted and then added to the response stream. This cookie can now be shared by any application sharing the same subdomain name.
Note: For domain-wide authentication scenarios, you can set a domain-wide cookie only for a second-level domain, or for a third-level domain if the second-level domain contains three or fewer characters. This means that you cannot set a cookie for the domain "com" or "co.in", but can for "example.com" or "example.co.in".
Simulation of the Live Site
Now to simulate the setup of the live sites, we need to add entries into the Hosts file, which is present at:
C:/WINDOWS/SYSTEM32/DRIVERS/ETC (Windows XP)
C:/WINNT/SYSTEM32/DRIVERS/ETC (Windows 2000, NT)
The entries would be as follows:
This would help emulate the site on local server so that the cookies can be shared. The applications can be accessed after creating their virtual directories:
Now to check whether the cookie has been created or not, the cookie created can be found at:
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\
where "Default user" will be the name of the user who has logged in.
An alternative method to check the cookie creation is to go to Internet Explorer's Tools menu -> Internet Options -> click on the Privacy tab -> click the Advanced button.
Select "Override Automatic Cookie Handling" and then select the radio buttons for "First Party Cookies" and "Third Party Cookies" as "Prompt".
Doing this will enable prompting before cookie creation, where the cookie name and the date of expiry can be tracked.
Logging Out of the Application
While logging out of the application, the expiration date of the cookie should be set to a past date for the cookie to get deleted. The cookie should be fetched first using the HttpContext class and then the expiry date should be changed.
' Fetch the shared authentication cookie from the incoming request
Dim httpWebcookie As HttpCookie = Request.Cookies(".Website")
If httpWebcookie IsNot Nothing Then
    httpWebcookie.Domain = ".website.net"
    httpWebcookie.Expires = DateTime.Now.AddYears(-3)
    ' Send the expired cookie back so that the browser deletes it
    Response.Cookies.Add(httpWebcookie)
End If
Hope that this article proves to be useful for you guys.
FormsAuthentication Active Directory
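The receiving side of the post above, as an added example that is not part of the original post: a code-behind sketch for the second application that decrypts the shared ticket on page load and rejects it when it is missing, expired, tampered with, or encrypted under a different machineKey. The class name SsoLanding and the helper ReadSharedTicket are hypothetical; the cookie name ".Website" is taken from the forms element in the post, and both applications are assumed to carry identical machineKey values.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Added example (hypothetical page class) for the second application.
Partial Public Class SsoLanding
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        Dim ticket As FormsAuthenticationTicket = ReadSharedTicket(Request.Cookies(".Website"))
        If ticket Is Nothing Then
            ' No usable ticket: send the user through the login page again
            FormsAuthentication.RedirectToLoginPage()
            Return
        End If
        ' The ticket name is the user name set by the application that issued it
        Context.User = New GenericPrincipal(New FormsIdentity(ticket), New String() {})
    End Sub

    ' Returns the decrypted ticket, or Nothing when the cookie cannot be trusted.
    Private Shared Function ReadSharedTicket(ByVal cookie As HttpCookie) As FormsAuthenticationTicket
        If cookie Is Nothing OrElse String.IsNullOrEmpty(cookie.Value) Then Return Nothing
        Try
            Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(cookie.Value)
            ' Decrypt does not enforce the expiry date, so check it explicitly
            If ticket Is Nothing OrElse ticket.Expired Then Return Nothing
            Return ticket
        Catch ex As ArgumentException
            Return Nothing ' malformed or tampered ticket
        Catch ex As CryptographicException
            Return Nothing ' typically a machineKey mismatch between the applications
        Catch ex As HttpException
            Return Nothing ' validation failure reported by the runtime
        End Try
    End Function
End Class
```

Which of the three exception types is raised for a key mismatch depends on the framework version, which is why all of them are treated as "no valid ticket".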
Apr 05, 2007 07:10 AM|chirag_darji
Thanks for your article. There is some more information about single sign on
Hope you like it.
Sep 11, 2008 04:17 AM|vmanzu_1977
Thanks for the nice article. I have these questions:
1) Will this work if the two sites are on different boxes?
2) Will it work behind an NLB?
Jun 14, 2010 03:52 AM|Yogesh Chandra Upreti
Thanks for such nice information.
Yogesh Chandra Upreti