FormsAuthentication ReturnUrl - need it to be Absolute

[Guest]

My google skills must be dwindling. I am trying to determine how in ASP.NET
2.0 I can get the ReturnUrl querystring variable in Forms Authentication to
contain the absolute url.

Just like others that have posed this question, we are an enterprise
environment that has multiple websites across multiple servers and we are
trying to setup Web SSO for our public internet site that will be accessible
by our clients.

ASP.NET seems to have half the equation. I can setup the machine key so the
one cookie can be read by all of the web apps but if the Login page contained
in its own central site is unable to send the user back, not a very nice
experience for them.

I tried the one post I found about having code in the
Application_AuthenticateRequest of Global.asax in each client web app (here
it is written in Csharp):
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
//Setup the return URL to be full path of my application
if (!Request.IsAuthenticated)
{
HttpCookie formCookie = new
HttpCookie(FormsAuthentication.FormsCookieName);

formCookie.Values["RequestURL"] = Request.Url.AbsoluteUri;
Request.Cookies.Add(formCookie);
}
}

But I can't get it to work. The cookie I added here is gone by the time it
gets to my Login page on the other site (which is just another virtual folder
on my dev machine right now).

Plus, this means I would have to ask every single web app team going forward
to put this code into their apps. Having to touch web.config for all of the
apps is ugly enough (to turn on Forms Authentication and set the login page).

I would rather get my hands on an assume-I-am-a-newbie guide to getting ADFS
Web SSO working. But this is all I have to work with for now.

Noremac

 

[Steven Cheng[MSFT]]

Hello Noremac,

From your description, I understand you have multiple ASP.NET applications
which are using forms authentication to protect the application. Curerntly
you're trying to make the applications share the same forms authentication
cookie/ticket so as to make the users in those applications
single-signing(SSO), correct?

Based on my experience, though the ASP.NET application does support share
the forms authentication cookie across multiple applications, there has
many limitation on this. In addition to those forms authentication and
encryption key setting mentioned in the following article:

#Forms Authentication Across Applications
http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx

You need to make sure that those different ASP.NET applications which want
to share the forms authentication cookie must be hosted on servers which
are accessed under the same top level domain. e.g.

the following two application can share cookie:

http://subxxx.mymaindomain.com/

http://mymaindomain.com/

while the below two can not share cookie

http://mydomain1.com/

http://mydomain2.com


Therefore, you need to make sure the applications in your environment meet
the above requirements.

As for pass the redirecturl(the original url visited) to the login form,
the cookie approach does be workable. I've tested it in my local test
environment. Actually, you need to add the cookie into the
HttpResponse.Cookies collection(rather than Request.cookies). Also, you
need to use a different cookiename from the
FormsAuthentication.FormsCookiePath. And make sure the Cookie's DomainName
and path is identitcal to the formsauthentication's settign. Here is my
test code whch works well in my local test.

protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (!Request.IsAuthenticated)
{
HttpCookie formCookie = new
HttpCookie(FormsAuthentication.FormsCookieName + "redirecturl");

formCookie.Domain = FormsAuthentication.CookieDomain;
formCookie.Path = FormsAuthentication.FormsCookiePath;


formCookie.Value = Request.Url.AbsoluteUri;

Response.Cookies.Add(formCookie);
}

}
=============================


If the forms authentication cross site support doesn't suit your scenario.
I'm afraid you may need to consider implementing your custom SSO mechanism.
In addition, here are some other articles discussing on this topic.

http://weblogs.asp.net/scottgu/archive/2005/12/10/432851.aspx

http://www.codeproject.com/aspnet/aspnetsinglesignon.asp

Hope this helps. If there is anything unclear on this, please feel free to
let me know.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Thanks Steven. Extremely helpful as always.

Hello Noremac,

From your description, I understand you have multiple ASP.NET applications
which are using forms authentication to protect the application. Curerntly
you're trying to make the applications share the same forms authentication
cookie/ticket so as to make the users in those applications
single-signing(SSO), correct?

Based on my experience, though the ASP.NET application does support share
the forms authentication cookie across multiple applications, there has
many limitation on this. In addition to those forms authentication and
encryption key setting mentioned in the following article:

#Forms Authentication Across Applications
http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx

You need to make sure that those different ASP.NET applications which want
to share the forms authentication cookie must be hosted on servers which
are accessed under the same top level domain. e.g.

the following two application can share cookie:

http://subxxx.mymaindomain.com/

http://mymaindomain.com/

while the below two can not share cookie

http://mydomain1.com/

http://mydomain2.com


Therefore, you need to make sure the applications in your environment meet
the above requirements.

As for pass the redirecturl(the original url visited) to the login form,
the cookie approach does be workable. I've tested it in my local test
environment. Actually, you need to add the cookie into the
HttpResponse.Cookies collection(rather than Request.cookies). Also, you
need to use a different cookiename from the
FormsAuthentication.FormsCookiePath. And make sure the Cookie's DomainName
and path is identitcal to the formsauthentication's settign. Here is my
test code whch works well in my local test.

protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (!Request.IsAuthenticated)
{
HttpCookie formCookie = new
HttpCookie(FormsAuthentication.FormsCookieName + "redirecturl");

formCookie.Domain = FormsAuthentication.CookieDomain;
formCookie.Path = FormsAuthentication.FormsCookiePath;


formCookie.Value = Request.Url.AbsoluteUri;

Response.Cookies.Add(formCookie);
}

}
=============================


If the forms authentication cross site support doesn't suit your scenario.
I'm afraid you may need to consider implementing your custom SSO mechanism.
In addition, here are some other articles discussing on this topic.

http://weblogs.asp.net/scottgu/archive/2005/12/10/432851.aspx

http://www.codeproject.com/aspnet/aspnetsinglesignon.asp

Hope this helps. If there is anything unclear on this, please feel free to
let me know.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Do you need to do something on the receiving end to read the cookie and
retreive the ReturnURL?

Can I use this method with the ASP.NET membership controls?