B
Beginner
I know this is an old question, but searching all over the internet plus
several MS security conferences, still haven't got a straight anwser.
Basically, the login.aspx is on one dedicated server in the domain using AD.
ASP.NET applications run on other servers (not neccessary in domain) and
trying to use authentication server. How could this be done?
- Most response says you need to set MachineKey the same, but that doesn't
seem to work
- There's one article says the login.aspx needs to set a third-party cookie
for the requester in order for them to retrieve (sounds reasonable, any
examples?) Any workaround if not so sure about browser privacy settings?
- Can I use Server.Transfer to pass the cookie/ticket/principal to the
request page? Is that safe?
Anyway, the goal is have a central .NET based form authentication for all
our intra-net web applications.
Thanks.
several MS security conferences, still haven't got a straight anwser.
Basically, the login.aspx is on one dedicated server in the domain using AD.
ASP.NET applications run on other servers (not neccessary in domain) and
trying to use authentication server. How could this be done?
- Most response says you need to set MachineKey the same, but that doesn't
seem to work
- There's one article says the login.aspx needs to set a third-party cookie
for the requester in order for them to retrieve (sounds reasonable, any
examples?) Any workaround if not so sure about browser privacy settings?
- Can I use Server.Transfer to pass the cookie/ticket/principal to the
request page? Is that safe?
Anyway, the goal is have a central .NET based form authentication for all
our intra-net web applications.
Thanks.