473,750 Members | 2,308 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

forms authentication and simulating

I have one application that is used within our intranet that places a forms auth cookie for our domain (for intranet purposes only). All other applications rely on this cookie for authentication and user identification. i.e. on the 2nd applications if the cookie does not exist the user is redirected back to the primary app to get the forms authentication cookie
Now, if i want to run locally the 2nd application it is looking for a authentication cookie from the 1st one (on my localhost). So, currently the only way that i can run the 2nd app is to run the first app (the one that places the cookie) on my localhost. After the first app has ran i can now run the second application (as it can find a cookie on my local pc)

I use page.user.ident ity.name throughout the application to identify the end user. In hindsite this may not have been good idea due to my current problem

I have the forms authentication cookie set for a domain level. Why does the 2nd application not accept the cookie that was placed by the production environment forms authentication application? Any suggestions would be greatly appreciated.
Nov 18 '05 #1
7 2496
Hi Dy,

From your description, you'd like to implement the FormsAuthentica tion
cross multi asp.net web application on separate machines in the local
intranet, yes?

Based on my understanding, the key point of the FormsAuthentica tion
acrossing multi web application is to shared the Authentication
cookie(token) across multi application. To resolve this , we have to make
some certain attributes under the <forms> element must be identical across
all the applications participating the webfarm authentication, they're
name, protection, path, validationKey, decryptionKey, and validation.
Here is the certain reference in MSDN:

#Forms Authentication Across Applications
http://msdn.microsoft.com/library/en...sauthenticatio
nacrossapplicat ions.asp?frame= true

Please have a check to see whether all the settings are identical in your
two web applications. If you have any new findings, please feel free to
post here. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #2
Thank you very much. Late last night I figured this out.

A significant source of my problem was that when testing on my localhost it was not working. Apparently when accessing the 2nd application on my local pc i must use http://{nodename}.{dom ain}.com to access the application not http://localhos
Please confirm that this is correct. Is there another work around

Is there a work around so that when debugging it will access the local pages via the http://nodename ... format instead of http://localhost ? i.e. if i right click a page and tell it to use this page for startup it will go into debug mode via http://locahost/requestedpage.aspx instead of http://nodename.domain.com/requestedpage.asp

thanks for your quick response.
Nov 18 '05 #3
Hi Dy,

Thanks for the followup. I think you're correct, since the
FormsAuthentica tion's Authenticaiton Token is stored in client cookie by
default and the cookie is identify by the site's Domain name and path, so
if we don't use the correct domain name to visit the web application, the
cookie will fail to be shared.
Also, as for the debug problem, I'm afraid the "http://locahost" is the
fixed setting and it is only for single web application scenario. As for
your situation, you have multi-application need to use the same domain
name, I think you can manually visit the web application in IE browser and
use the Debug->processes to attach the aspnet_wp workerprocess to debug.
How do you think of this?

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #4
" I think you can manually visit the web application in IE browser and
use the Debug->processes to attach the aspnet_wp workerprocess to
debug.
How do you think of this? "

This seems like it is a work around but will make debugging very
painful as for each time you run you need to click 4 buttons to enter
debug mode. Are there any other alternatives? We are using this
forms auth. ticket for all our intranet apps so this could be quite
annoying.

Any ideas?
thx
dave
Nov 18 '05 #5
Hi Dave,

After some further research, I think we can use F5 to debug the web project
via a specified url rather than the localhost. In fact, in VS.NET we can
set the web project's debug mode. Open the project's property Pages
select "Configurat ion Properties" -> "Debugging" and under the
"StartActio n" node, we can set the
"Debug Mode" property, by default it is project and the application's url
will be fixed with Http://locahost/app

However, we can change the mode to "Url" ,and then set the "StartUrl"
property as the page url we want to start with.
After that, when we push F5 to start debuging , the vs.net will launch the
IE window with the certain url setting above.

#Since we use this means to debug a local web application with a alias name
url, if we specify a remote application's url, we have to make sure the
current user account(should be a Domain Account in the local intranet) is
in the remote server's DebugUsers group

Here are some further reference will mention the security setting or
VS.NET remote debugging settings steps:

#Introduction to Web Application Debugging
http://msdn.microsoft.com/library/en...uctionToWebApp
licationDebuggi ng.asp?frame=tr ue

#HOW TO: Set Up and Use Remote Debugging in Microsoft Visual Studio .NET
http://support.microsoft.com/?id=318041

Hope also helps. Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx


Nov 18 '05 #6
"dave" <dy@onlinelg.co m> wrote in message
news:A7******** *************** ***********@mic rosoft.com...
Thank you very much. Late last night I figured this out.

A significant source of my problem was that when testing on my localhost it was not working. Apparently when accessing the 2nd application on my
local pc i must use http://{nodename}.{dom ain}.com to access the application
not http://localhost Please confirm that this is correct. Is there another work around?


Dave, you should be able to access both applications using http://localhost.
Simply use "" as your cookie domain.
--
John Saunders
jo************* *@hotmail.com
Nov 18 '05 #7
Hi Dave,

Have you had a chance to check out the suggestions in my last reply or have
you got any further ideas on this issue? If you have anything unclear or if
there're anything else we can help, please feel free to post here. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
6
4839
Secure and Unsecure Web Directories using Forms Authentication
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms Authentication set up and it worked just fine. Then I realized that I needed to have some pages unsecure. I then created 2 directories. One named Secure and the other named Public. I placed my web.config file in my
.NET Framework
3
4870
Forms authentication in a subfolder problem, please help
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be protected by forms authentication. When I create forms authentication at root level it works but when I move my code up to the subfolder I get this error: Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
ASP.NET
2
2513
Forms Authentication question: How to have some pages open and some requiring forms authentication
by: Eric | last post by:
I am trying to build an app where the stuff in the root directory is open to all, but anything under the Restricted directory requires you to login and I want to use Forms to do it. I'm having trouble getting the web.config to work properly. First I tried to have a second web.config in the sub directory with authentication and authorization set to forms, but it blew up. Next, I tried to modify the root web.config in the following manner...
ASP.NET
0
4241
ASP.NET Forms Authentication Best Practices
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET Applications and owner of Access Microsystems. Doug can be reached at doug@accessmicrosystems.com. --------------------------------------------------------------------------------
ASP.NET
7
2046
Trouble with forms authentication
by: Justin | last post by:
I am trying to password protect a subdirectory using forms authentication. I am using the "Location" tag to specify the directory to be protected. The login.aspx page is in the root directory of the app. Here is the web.config: <location path="Admin"> <system.web> <authentication mode="Forms"> <forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30"> <credentials passwordFormat="Clear"> <user name="Admin"...
ASP.NET
5
1666
Forms Auth. Question
by: V. Jenks | last post by:
Using forms authentication, can I control which pages and/or directories a user would have access to or is that only available with Windows authentication? Thanks!
ASP.NET
4
424
Forms Authentication
by: =?Utf-8?B?R3V1czEyMw==?= | last post by:
Hi, I created a web site on a remote server. To logon the user must enter a user id and password. The site is uses Forms Authentication. The web config file looks as follows: <configuration> <system.web> <customErrors mode="Off"/>
ASP.NET
4
5326
Forms authentication vs session variable
by: Bjorn Sagbakken | last post by:
In a web-application with login creds (user, pwd), these are checked against a user table on a SQL server. On a positive validation I have saved the userID, name, custno and role-settings in a userobject (custom build class) and added this to the session using as session variable like session For all other pages I have added a small test in the page_load event, basically testing if the session != null, but also checking if the...
ASP.NET
5
3565
Forms Authentication vs MembershipProvider
by: Rory Becker | last post by:
Having now created a Custom MembershipProvider that seems to work correctly with my Logon and ChangePassword controls, I am, as they say, a happy bunny. The next stange is to move on to the creation of content which adjusts based on the user. I have several pages which require a user to be logged on and several which do not. Prior to this point in time I have used 2 different master pages. one with a control which checks a session...
ASP.NET
0
8997
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
9568
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
9389
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
9256
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
1
6801
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6079
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
4709
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
4881
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
2
2794
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us