Single Sign on for web apps on same box

Cowboy \(Gregory A. Beamer\)

Quite a few months back, I was able to create a single sign on app for all
apps on a single box (perhaps a domain, but never tested) by setting the
auth cookie name to an identical value:

<authenticati on mode="Forms">
<forms name="SingleSig nOn" loginUrl="login .aspx">
</authentication>

I could then surf from app to app on the same box and the cookie, named the
same, would allow me to bypass the logon form. I currently have an app in
Framework 1.1, and I get the following:

Default cookie - log into each app, each time, when I bounce from app to app
Cookies with same name - same behavior
Cookies with diff name - log in once to each app, can then surf back and
forth

The actual test code is as follows:

web.config
-----------
<authenticati on mode="Forms">
<forms name="test1" loginUrl="login .aspx" timeout="30"
slidingExpirati on="true" path="/">
<credentials passwordFormat= "Clear">
<user name="Joe" password="passw ord" />
</credentials>
</forms>
</authentication>

<authorizatio n>
<allow users="Joe" /> 
<deny users="?"></deny>
</authorization>

Login.aspx
-----------
private void LoginButton_Cli ck(object sender, System.EventArg s e)
{
if(FormsAuthent ication.Authent icate(NameText. Text,PasswordTe xt.Text))
{
Session["ID"] = Session.Session ID;
FormsAuthentica tion.RedirectFr omLoginPage("Jo e", false);
}
else
{
BadPasswordLabe l.Text = "This is not a valid login.";
}
}

My thought is either

a) The methodology changed in Framework 1.1
b) I am missing something I had working before

At present, this is not a major issue, but it is something that is bugging
me.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************** *************** *************** *************** **********
Think Outside the Box!
*************** *************** *************** *************** **********

Nov 17 '05 #1

Subscribe Reply

1530

Cowboy \(Gregory A. Beamer\)

If you ever have a problem, post here and your brain will figure it out.

Here is the single sign on using Forms Authentication:

1. Set up the authentication section:

<authenticati on mode="Forms">
<forms name="test1" loginUrl="login .aspx" timeout="30"
slidingExpirati on="true" path="/">
<credentials passwordFormat= "Clear">
<user name="Joe" password="passw ord" />
</credentials>
</forms>
</authentication>

In this case, the password is embedded, but it will actually pull from a
database outside of test.

2. Set up a machine key (this is the missing link in my app):

<machineKey
validationKey=" C50B3C89CB21F4F 1422FF158A5B42D 0E8DB8CB5CDA174 2572A487D9401E3 4
00267682B202B74 6511891C1BAF47F 8D25C07F6C39A10 4696DB51F17C529 AD3CABE"
decryptionKey=" 8A9BE8FD67AF697 9E7D20198CFEA50 DD3D3799C77AF2B 72F"
validation="3DE S"
/>

I nabbed this from a site on the web, but it could have just as easily have
been created. The problem is each application creates its own key, if one is
not specified. In my case, as I bounced from app to app, each app rewrote
the cookie, using its own key. Thus, each new hit on the app, after a hit on
another app, caused re-authentication, as it was reading garbage (wrong
key).

3. Set up app authorization to force logon:

<authorizatio n>
<allow users="Joe" />
<deny users="?">
</authorization>

4. Repeat for additional applications.

Now, I can bounce back and forth without problem.
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************** *************** *************** *************** **********
Think Outside the Box!
*************** *************** *************** *************** **********
"Cowboy (Gregory A. Beamer)" <No************ @comcast.netNoS pamM> wrote in
message news:Or******** ******@tk2msftn gp13.phx.gbl...

Quite a few months back, I was able to create a single sign on app for all
apps on a single box (perhaps a domain, but never tested) by setting the
auth cookie name to an identical value:

<authenticati on mode="Forms">
<forms name="SingleSig nOn" loginUrl="login .aspx">
</authentication>

I could then surf from app to app on the same box and the cookie, named the same, would allow me to bypass the logon form. I currently have an app in
Framework 1.1, and I get the following:

Default cookie - log into each app, each time, when I bounce from app to app Cookies with same name - same behavior
Cookies with diff name - log in once to each app, can then surf back and
forth

The actual test code is as follows:

web.config
-----------
<authenticati on mode="Forms">
<forms name="test1" loginUrl="login .aspx" timeout="30"
slidingExpirati on="true" path="/">
<credentials passwordFormat= "Clear">
<user name="Joe" password="passw ord" />
</credentials>
</forms>
</authentication>

<authorizatio n>
<allow users="Joe" /> 
<deny users="?"></deny>
</authorization>

Login.aspx
-----------
private void LoginButton_Cli ck(object sender, System.EventArg s e)
{
if(FormsAuthent ication.Authent icate(NameText. Text,PasswordTe xt.Text))
{
Session["ID"] = Session.Session ID;
FormsAuthentica tion.RedirectFr omLoginPage("Jo e", false);
}
else
{
BadPasswordLabe l.Text = "This is not a valid login.";
}
}

My thought is either

a) The methodology changed in Framework 1.1
b) I am missing something I had working before

At present, this is not a major issue, but it is something that is bugging
me.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************** *************** *************** *************** **********
Think Outside the Box!
*************** *************** *************** *************** **********

Nov 17 '05 #2

Similar topics

2295

Single Sign On Web Site

by: Rodney Lane | last post by:

Hi I am investigating the possibility writing an application which uses single sign on with ASP.Net / VB.Net and was wondering if anyone has endeavoured to do this yet. I will most likely be using Site Minder as the single sign on engine, and building the ASP.Net front end to drive it. Does anyone know where I can find some code on how to manipulate standard

ASP.NET

2327

Using Single Database for state w/ multiple web apps

by: Jeff | last post by:

We have multiple ASP.Net web apps in development. As a standard we are looking to go with SQL Server to hold state information. Can we have the multiple apps all point to a single State DB? Or do we need to install multiple instances of the State database on to the SQL Server (one for each Web app)? It would seem that you could run into troubles pointing several web apps at the same DB, because you would introduce the possibility (a...

ASP.NET

2945

Single Sign On with ASP.NET and Cold Fusion

by: Ralph | last post by:

I am setting up an ASP.NET application that will require external users to login. Currently we run both Cold Fusion and ASP.Net. Can someone explain if and how I can create a single sign on for applications written on both platforms. So if a user logs into an ASP.Net application then jumps to a ColdFusion area they will not have to login in again. Thanks a lot

ASP.NET

2322

Single Sign On

by: EricMatz | last post by:

I work for a medium-sized insurance company, developing web-based systems for our independent agents. There are four primary applications we provide - one that serves as an agent portal (ASP), and three others that serve applications specific to each line of business (one ASP, two ASP.NET). Each of these applications reside on their own server/environment, all of which are in the same AD domain. We also have multiple top-level domains...

ASP.NET

2696

Single Sign On in Web Application & WinForm Application

by: Yavuz Bogazci | last post by:

Hi, i have a question: I have a ASP.Net based WebApplication where Users have to Login to authenticate. I have a Desktop App wich needs the same Auth. information, too. But i have solved it in the way, that the user has to login in both Apps separate. The Users doesn't want such a solution. How can i realize a SIngleSignOn for both Apps? Perhaps Cookies?

Visual Basic .NET

1436

Single Sign On / Authentication System?

by: Spam Catcher | last post by:

Hi all, I'm looking to implement a single sign on solution for .NET applications. This single sign on solution will need to work against a variety of back- end databases (i.e. SQL (mainly), Active Directory (some), Custom Data Sources (XML, MDB, Custom Web Service, etc). Is there any sample code on implementing a simple single sign on service? The app would need:

C# / C Sharp

2720

Multiple Websites and Single Sign in

by: Jai | last post by:

Hi, I have a problem related to Login System. I am developing 3 websites for some institution.Now they want that if anybody had sign up for there site1.com(say), than he or she should be able to sign in for site2.com and site3.com. hence, if user has sign up for the membership of site1.com than he/she should automicallly become the member of site2.com and site3.com.

ASP.NET

2564

Single sign-on solution for .NET

by: =?ISO-8859-1?B?UOVs?= | last post by:

Hi, I need a simple single sign-on solution for .NET. The solution needs to support both windows and web. So, basically what I need is a solution where I log in once and then can access other applications and webpages on the intranet. I can't use Active Directory. Can anybody point me in the right direction?

C# / C Sharp

4336

Are there any FOSS Python Single-Sign-on Servers?

by: Phillip B Oldham | last post by:

Are there any FOSS Python Single-Sign-on Servers? We're looking to centralise the sign-on for our numerous "internal" webapps (across multiple servers, languages, and domains) to speed user management and application development. I've searched around but can only seem to find OpenID servers, which will probably be too "open" for our needs. Coding one up would possibly take more time than we have, and we'd prefer something maintained...

Python

8991

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8830

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

9541

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

9321

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

9247

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

6074

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

3312

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

2782

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

2215

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General