473,326 Members | 2,732 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Sharing login between different domain (again)

Sorry about my last post. There seems to be a bug in my newsreader-software.

My company (companyA) has bought companyB.
The website of companyA is www.companyA.com and comanyB's website is www.comanyb.com
Management want users logged in on www.companya.com to be automatically logged

in on www.companyb.com (and vice versa).
I was thinking of using the same stateserver from www.companya.com and www.companyb.com.
The problem with that solution is that the sessionid-cookie is not shared
from www.companya.com to www.companyb.com
IE: if the sessionid-cookie is not shared the user gets different session-ids

on the different web-servers and the
login is not shared.
Should I rewrite the HttpSessionState module to provide custom cookies?
Is there another solution to this problem?

/Nisse, Ni***@online.nospam
Nov 19 '05 #1
5 4570
I am thinking of <sessionState mode="SqlServer" ... >

If you provide the same connection string to both application won't
this do the trick? This is just a suggestion, I haven't tried it, but
you can, if you have Sql Server running somewhere.

And why you need to share the same SessionState, is there any reason
for this beside the commong login mechanism? Because this can be
achieved programatically in different ways - just use a common user
database.

Nov 19 '05 #2
the browser will not share cookies between your sites unlues you change the
sites to have a common domain root (www.companya.newdomain.com and
www.comapnyb.newdomain.com). if the users get from one site to the other
through links on the sites, you pass a sessionid thru the link
(querystring), but this won't work with saved links or favs.

-- bruce (sqlwork.com)
"Nils Hedström" <Ni***@online.nospam> wrote in message
news:13*********************@msnews.microsoft.com. ..
| Sorry about my last post. There seems to be a bug in my
newsreader-software.
|
| My company (companyA) has bought companyB.
| The website of companyA is www.companyA.com and comanyB's website is
www.comanyb.com
|
|
| Management want users logged in on www.companya.com to be automatically
logged
|
| in on www.companyb.com (and vice versa).
| I was thinking of using the same stateserver from www.companya.com and
www.companyb.com.
| The problem with that solution is that the sessionid-cookie is not shared
| from www.companya.com to www.companyb.com
| IE: if the sessionid-cookie is not shared the user gets different
session-ids
|
| on the different web-servers and the
| login is not shared.
| Should I rewrite the HttpSessionState module to provide custom cookies?
| Is there another solution to this problem?
|
| /Nisse, Ni***@online.nospam
|
|
Nov 19 '05 #3
Hi Nisse,

I think bruce's suggestion is reasonable. As for sharing logging between
multi sites, the asp.net 's formsauthentication did support cross
application authentication, but this is based on the multi applicaiton are
under the same public domain. This is because such authentication token is
normally stored in cookie which is identify by two things: domainname and
path , if the two sites have different internet domainname, the cross
application approach nolonger work. Currently I think there haven't any
good means except we use some global login system such as passport.

In addition, as for sharing sessionstate, I'm afraid this is also limited
since different application will have unique identity interanlly so that
the asp.net runtime will isolate their sessionstate even if we're using
SQLServer Session mode and sharing the same server for mantain session.
Maybe a custom session mechanism such as the custom SessionModule you
mentioned is required if you do need such behavior.

Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 19 '05 #4
Hello bruce,
the browser will not share cookies between your sites unlues you
change the sites to have a common domain root
(www.companya.newdomain.com and www.comapnyb.newdomain.com).


Are you sure about this?
My tests indicate that the session-cookie has a host-value of the current
site. So the cookie is not shared (from companyb.companya.com to www.companya.com).
Unless I set a domain-value to the cookie ("companya.com") but it seems like
hard work to do this for session-cookies.

/Nisse <Ni***@online.nospam>

Nov 19 '05 #5
Hi Nisse,

Yes, cookie is identify by domainname and path value. By default the
domainname is the current page's server domain. In addition to this,
different browsers may have different cookie stored-path in the
clientside's temporary folder which may also break the single-sign-on. So
cookie-based solution is not quite solid for SSO.

Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 19 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Jonas Daunoravicius | last post by:
We have 2 domains for internal purposes: one for users (have to login and domain has SSL) and another for sponsors (have to login and domain does NOT have SSL). Now when a user logs in and there...
0
by: Daniel Malcolm | last post by:
Hi I have a site where I would like some pages to be accessed via SSL (login and payment etc) and others via regular http. However I'm not sure whether Session state can be maintained between...
0
by: Martin | last post by:
I have 2 web sites on different domians bioth using Forms authentication , I have set the <Machine Key settings in the web config of both apps to use the same encryption keys etc. This should...
7
by: Nils Hedström | last post by:
I have a web farm that uses a state server for session management. A user logs on to a website (www1.mysite.com). When the same user visits www2.mysite.com I want the user to be logged in. Right...
6
by: =?Utf-8?B?UGFyYWcgR2Fpa3dhZA==?= | last post by:
Hi All, We have a requirement where we have to develop a custom Login Page which will accept user's NT credentials ( Username , password, domain name). This then needs to be passed to a website...
8
by: mc | last post by:
I would like to be able to send from an ASP.NET page an email which when recieved takes the form of a "Sharing Invitation for a RSS Feed"...
1
by: tanya.wang | last post by:
Hi all, We have a site called http://www.mydomainxyz.com/ and our network guy has set up load balancing with multiple IIS servers. We also have a function that allows users to upload photos on...
2
by: adam.waterfield | last post by:
Maybe someone could help me a little here. On a project I am working on, we have some LDAP authentication to Active Directory which allows users to login to our application - this is fine. When...
9
by: Josh | last post by:
I run a Joomla website and am familiar with php in some but not all aspects. Currently I am trying to find some solutions related to session handling. Am I correct in saying that "login" is kept...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.