J
jct
I am implementing a single sign-on system in ASP.Net. The technique I am
using is as defined by Paul Sheriff, in the MSDN article Single Sign-On
Enterprise Security for Web Applications.
http://msdn.microsoft.com/asp.net/u...l=/library/en-us/dnaspp/html/singlesignon.asp
I am running into a problem with the Forms Authentication on the internal
web site side. The article provides for the Internal Website (i.e. that one
called by a launcher app) to be secured using Forms Authentication, where
internal users connect to an AppLogin.aspx page, passing a security token,
generated by a launching application. The token is checked on the
AppLogin.aspx Page_Load.
My problem is I never get to the AppLogin.aspx Page_Load because I have not
authenticated. Instead I get to Login.aspx which is the loginUrl defined in
my Webconfig...
<authentication mode="Forms">
<forms name="SignOnTest" loginUrl="Login.aspx" />
</authentication>
The download sample for the article does not work properly as the webconfig
there has...
<authorization>
<allow users="*" />
</authorization>
which I believe negates the Forms Authentication.
My webconfig has this...
<authorization>
<deny users="?" />
</authorization>
If I change that the download behaves as my code does, and never gets to the
page that checks the security token passed by the launching app.
Does anybody have any ideas; I must be missing something obvious.
Much appreciated,
Justin
using is as defined by Paul Sheriff, in the MSDN article Single Sign-On
Enterprise Security for Web Applications.
http://msdn.microsoft.com/asp.net/u...l=/library/en-us/dnaspp/html/singlesignon.asp
I am running into a problem with the Forms Authentication on the internal
web site side. The article provides for the Internal Website (i.e. that one
called by a launcher app) to be secured using Forms Authentication, where
internal users connect to an AppLogin.aspx page, passing a security token,
generated by a launching application. The token is checked on the
AppLogin.aspx Page_Load.
My problem is I never get to the AppLogin.aspx Page_Load because I have not
authenticated. Instead I get to Login.aspx which is the loginUrl defined in
my Webconfig...
<authentication mode="Forms">
<forms name="SignOnTest" loginUrl="Login.aspx" />
</authentication>
The download sample for the article does not work properly as the webconfig
there has...
<authorization>
<allow users="*" />
</authorization>
which I believe negates the Forms Authentication.
My webconfig has this...
<authorization>
<deny users="?" />
</authorization>
If I change that the download behaves as my code does, and never gets to the
page that checks the security token passed by the launching app.
Does anybody have any ideas; I must be missing something obvious.
Much appreciated,
Justin