|
web
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Applications sharing Forms AuthenticationI am attempting to share forms authentication between two applications but running into problems. The documentation I've been able to dig up says (to summarize) if the the Web.Config settings are the same between the apps they should work happily together. The only difference I have between the apps Web.Config settings is their <forms> loginUrl, which isn't supposed to make a difference. App1 Web.Config: <authentication mode="Forms"> <forms name="AuthenticationCookie" loginUrl="login.aspx" protection="All" timeout="30" path="/"/> </authentication> App2 Web.Config: <authentication mode="Forms"> <forms name="AuthenticationCookie" loginUrl="/App1/login.aspx" protection="All" timeout="30" path="/"/> </authentication> You'll note that the the only change is loginUrl for App2 is updated to point to the login form of App1. Both apps have the same <authorization> tag: <authorization> <deny users="?" /> <!-- Deny all users --> </authorization> Neither app is set to encrypt the cookie data. The problem is that I never get sent back to the calling page in App2. The return url is correct (as seen in the address bar of the browser after being redirected to the login page). But after being authenticated, I just get redirected to the login page again. Login failures are being handled correctly, so I know I'm typing the username/password correctly. Any thoughts? This is because you being authenticated in App1 not App2. AFAIK, you cant
run two sessions in the same browser window. If you used Windows Integrated security, you could negate this issue altogether, but that of course depends on your configuration IE are these people all on a local nt network ? Show quoteHide quote "Sebastian" <nospam@undelivered.com> wrote in message news:O0vmCuoWGHA.3760@TK2MSFTNGP02.phx.gbl... > Hello, > I am attempting to share forms authentication between two applications but > running into problems. The documentation I've been able to dig up says > (to summarize) if the the Web.Config settings are the same between the > apps they should work happily together. The only difference I have > between the apps Web.Config settings is their <forms> loginUrl, which > isn't supposed to make a difference. > > App1 Web.Config: > <authentication mode="Forms"> > <forms name="AuthenticationCookie" > loginUrl="login.aspx" > protection="All" > timeout="30" > path="/"/> > </authentication> > > App2 Web.Config: > <authentication mode="Forms"> > <forms name="AuthenticationCookie" > loginUrl="/App1/login.aspx" > protection="All" > timeout="30" > path="/"/> > </authentication> > > You'll note that the the only change is loginUrl for App2 is updated to > point to the login form of App1. > > Both apps have the same <authorization> tag: > <authorization> > <deny users="?" /> <!-- Deny all users --> > </authorization> > > Neither app is set to encrypt the cookie data. > > The problem is that I never get sent back to the calling page in App2. The > return url is correct (as seen in the address bar of the browser after > being redirected to the login page). But after being authenticated, I > just get redirected to the login page again. Login failures are being > handled correctly, so I know I'm typing the username/password correctly. > > Any thoughts? They aren't on all on a local NT network, but forms authentication is
supposed to work across applications; see: <http://msdn2.microsoft.com/en-US/library/eb0zx8fc(VS.80).aspx> I don't see any reason to doubt this possibility either...both apps are running on the same server and giving the cookie the same name. Can anyone clarify what I'm missing here? Sebastian OHM ( One Handed Man ) wrote: Show quoteHide quote > This is because you being authenticated in App1 not App2. AFAIK, you cant > run two sessions in the same browser window. If you used Windows Integrated > security, you could negate this issue altogether, but that of course depends > on your configuration IE are these people all on a local nt network ? > Fair point, I know I have tried this in the past and didnt think this was
possible, so you have taught me somthing. Show quoteHide quote "Sebastian" <nospam@undelivered.com> wrote in message news:%23B0sy$MXGHA.3740@TK2MSFTNGP03.phx.gbl... > They aren't on all on a local NT network, but forms authentication is > supposed to work across applications; see: > <http://msdn2.microsoft.com/en-US/library/eb0zx8fc(VS.80).aspx> > > I don't see any reason to doubt this possibility either...both apps are > running on the same server and giving the cookie the same name. Can > anyone clarify what I'm missing here? > > Sebastian > > OHM ( One Handed Man ) wrote: >> This is because you being authenticated in App1 not App2. AFAIK, you cant >> run two sessions in the same browser window. If you used Windows >> Integrated security, you could negate this issue altogether, but that of >> course depends on your configuration IE are these people all on a local >> nt network ? >> Perhaps since I'm not defining a <machineKey> the validationKey is being
set to "autogenerate" making the second app unable to decrypt the cookie data the first app is creating. -Seb. That does look to be the issue. When I explicitly set the machineKey to
the same values in both Web.Config files, everything works fine. Does anyone know if there is a way to auto-generate keys so the two apps can share Forms Authentication w/o having to set the machineKey explicitly? 
Other interesting topics
How to make a copy of a developing VS05 application to another machine?
Calling dll functions from vb.net with pointer returns! Sorted array suggestions VB2005 -> OLEDB Connectivity question OptionExplicit programm crashs when instancing new object Retrieveing full Username from Enviroment? how to design shopping site How to Execute a cmd from a VB.net program Form fade in |
|||||||||||||||||||||||
