Last post Jun 18, 2015 03:25 AM by mhanisafa
Jun 17, 2015 09:43 AM|mhanisafa|LINK
i have 2 site ruining under sub domains ,
I've managed to make Data.mysite.com redirect to Auth.mysite.com when a user need to access authorized content on Data.mysite.com , i don;t want the user to be redirected to Auth and back to Data , i need to make the user login from the data site.
i've managed to call the login action on Auth.mysite.com with several ways ( post directly to it, or calling a GET version of it ... ) The login always successful on Auth site but the site response don't contain a cookie , that mean to Data site ,login didn't
my question is : can i call Login action from another site and successfully login and return a cookie?
Jun 17, 2015 11:06 PM|Weibo Zhang|LINK
What you want to achieve is SSO between two subdomains. I think you could first check whether the Auth.mysite.com could create a cookie when you directly log in it. The following articles show you how to implement the SSO, you could take a look.
If you have set the machine key and other settings in the web.config, you could refer to the following thread, it explains why a subdomain can’t get a cookie value. As the thread shows, you should set the cookie domain to equal “mysite.com”.
I hope it’s useful to you.
Jun 18, 2015 03:25 AM|mhanisafa|LINK
thanks for your time Wedibo,
I'm using MVC5 default identity membership temple for both sites ,
i was able to redirect to Auth site , login , and redirect to authorized page successfully , i want to popup a login dialog on Data site , inter user credentials and authenticate/login the user without redirecting the Auth
I've created s simple form on Data site
<form method="post" action="http://Auth.mydomain.com/Account/Login">
<!-- some input fields containing the values to post -->
<input type="text" name="Email" id="Email" value="value1" />
<input type="text" name="Password" id="Password" value="value1" />
<input type="checkbox" name="RememberMe " id="RememberMe " value="false" />
<input type="submit" value="Post to other site" />
everything work fine , post, validating credentials and redirecting back (I've modified the default login action to make this test , I've removed the [ValidateAntiForgeryToken] and didn't check for redirect to local address
), the problem is the response that came didn't have a cookie ,although the authentication is successful
so i can't access PageWithAuthorization , and I've redirect it login page again .
is it possible to call the default login Acton that came with identity system from another site throw Ajax or regular post ? without making the user redirect and redirect again