By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,587 Members | 1,891 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,587 IT Pros & Developers. It's quick & easy.

Single Sign on for web apps on same box

P: n/a
Quite a few months back, I was able to create a single sign on app for all
apps on a single box (perhaps a domain, but never tested) by setting the
auth cookie name to an identical value:

<authentication mode="Forms">
<forms name="SingleSignOn" loginUrl="login.aspx">
</authentication>

I could then surf from app to app on the same box and the cookie, named the
same, would allow me to bypass the logon form. I currently have an app in
Framework 1.1, and I get the following:

Default cookie - log into each app, each time, when I bounce from app to app
Cookies with same name - same behavior
Cookies with diff name - log in once to each app, can then surf back and
forth

The actual test code is as follows:

web.config
-----------
<authentication mode="Forms">
<forms name="test1" loginUrl="login.aspx" timeout="30"
slidingExpiration="true" path="/">
<credentials passwordFormat="Clear">
<user name="Joe" password="password" />
</credentials>
</forms>
</authentication>

<authorization>
<allow users="Joe" /> <!-- Allow all users -->
<deny users="?"></deny>
</authorization>

Login.aspx
-----------
private void LoginButton_Click(object sender, System.EventArgs e)
{
if(FormsAuthentication.Authenticate(NameText.Text, PasswordText.Text))
{
Session["ID"] = Session.SessionID;
FormsAuthentication.RedirectFromLoginPage("Joe", false);
}
else
{
BadPasswordLabel.Text = "This is not a valid login.";
}
}

My thought is either

a) The methodology changed in Framework 1.1
b) I am missing something I had working before

At present, this is not a major issue, but it is something that is bugging
me.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************** ********************
Think Outside the Box!
************************************************** ********************

Nov 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
If you ever have a problem, post here and your brain will figure it out.

Here is the single sign on using Forms Authentication:

1. Set up the authentication section:

<authentication mode="Forms">
<forms name="test1" loginUrl="login.aspx" timeout="30"
slidingExpiration="true" path="/">
<credentials passwordFormat="Clear">
<user name="Joe" password="password" />
</credentials>
</forms>
</authentication>

In this case, the password is embedded, but it will actually pull from a
database outside of test.

2. Set up a machine key (this is the missing link in my app):

<machineKey
validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB 8CB5CDA1742572A487D9401E34
00267682B202B746511891C1BAF47F8D25C07F6C39A104696D B51F17C529AD3CABE"
decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3 799C77AF2B72F"
validation="3DES"
/>

I nabbed this from a site on the web, but it could have just as easily have
been created. The problem is each application creates its own key, if one is
not specified. In my case, as I bounced from app to app, each app rewrote
the cookie, using its own key. Thus, each new hit on the app, after a hit on
another app, caused re-authentication, as it was reading garbage (wrong
key).

3. Set up app authorization to force logon:

<authorization>
<allow users="Joe" />
<deny users="?">
</authorization>

4. Repeat for additional applications.

Now, I can bounce back and forth without problem.
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************** ********************
Think Outside the Box!
************************************************** ********************
"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamM> wrote in
message news:Or**************@tk2msftngp13.phx.gbl...
Quite a few months back, I was able to create a single sign on app for all
apps on a single box (perhaps a domain, but never tested) by setting the
auth cookie name to an identical value:

<authentication mode="Forms">
<forms name="SingleSignOn" loginUrl="login.aspx">
</authentication>

I could then surf from app to app on the same box and the cookie, named the same, would allow me to bypass the logon form. I currently have an app in
Framework 1.1, and I get the following:

Default cookie - log into each app, each time, when I bounce from app to app Cookies with same name - same behavior
Cookies with diff name - log in once to each app, can then surf back and
forth

The actual test code is as follows:

web.config
-----------
<authentication mode="Forms">
<forms name="test1" loginUrl="login.aspx" timeout="30"
slidingExpiration="true" path="/">
<credentials passwordFormat="Clear">
<user name="Joe" password="password" />
</credentials>
</forms>
</authentication>

<authorization>
<allow users="Joe" /> <!-- Allow all users -->
<deny users="?"></deny>
</authorization>

Login.aspx
-----------
private void LoginButton_Click(object sender, System.EventArgs e)
{
if(FormsAuthentication.Authenticate(NameText.Text, PasswordText.Text))
{
Session["ID"] = Session.SessionID;
FormsAuthentication.RedirectFromLoginPage("Joe", false);
}
else
{
BadPasswordLabel.Text = "This is not a valid login.";
}
}

My thought is either

a) The methodology changed in Framework 1.1
b) I am missing something I had working before

At present, this is not a major issue, but it is something that is bugging
me.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************** ********************
Think Outside the Box!
************************************************** ********************

Nov 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.