Security across several apps

jib

Hi,

For some of you this must be elementary, sorry for being boring. I have
several ASP.NET apps that I want to secure. The way I am going about it is
by having all apps set for Forms authentication. The login.aspx I have new
users redirect to is part of an Admin module (yet another ASP.NET app) that
handles all the trickery of verifying user names etc.

Seems so simple but it doesn't work. When users attempt to view any of the
applications' pages without being logged in (say app.aspx), they are indeed
redirected from app.aspx to the login.aspx page. However, after the
RedirectFromLogin() call in login.aspx, app.aspx does not see that the user
is authenticated and simply redirects to login.aspx again. Somehow I need to
feed the authorization through to app.aspx but have no idea how to do this.

Ideas anyone?

Jib
 
Chris Jackson

ASP.NET handles forms authentication through session variables. Each
application has its own session store, so your users are logged in to the
other application, but then are returned to the original application where
they do not have an entry in that application's session store. You need to
get the session state set within that specific application.
 
jib

Chris Jackson said:
ASP.NET handles forms authentication through session variables. Each
application has its own session store, so your users are logged in to the
other application, but then are returned to the original application where
they do not have an entry in that application's session store. You need to
get the session state set within that specific application.

Thanks Chris, any code examples how I would obtain that session state?

Jib
 
Chris Jackson

The problem is that you have a separate AppDomain for each web application
that you create, and an assembly in one AppDomain can't gain access to
memory in another AppDomain without doing some tricks with remoting. Your
options are:

1. Create a single root application, with all other applications as child
applications
2. You persist your session information to a database, and then read it in
during authentication, redirecting to the login page if you don't find it
and logging in if you do
3. Repeating your authentication page in each of your applications
4. Use Windows Authentication, so a user will authenticate to all of your
sites using the credentials they signed in with
5. Use remoting to get access to the session information and get a local
instance during authentication

I am sure there are other options out there as well.
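
An added example, not part of the thread: ASP.NET Forms authentication carries its ticket in an encrypted, signed cookie, so applications on the same host accept one another's ticket when their `<forms>` name, path and protection settings and their `<machineKey>` values are identical. The cookie name, the `/Admin/login.aspx` path and the key values below are placeholders chosen for illustration.

```xml
<!-- web.config fragment: place the same values in every application,
     including the Admin application that hosts login.aspx -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name, path and protection must match in all applications,
           otherwise each one looks for (or validates) a different cookie.
           loginUrl is an assumed location for the shared login page. -->
      <forms name=".SHAREDAUTH"
             loginUrl="/Admin/login.aspx"
             path="/"
             protection="All"
             timeout="30" />
    </authentication>
    <authorization>
      <!-- send anonymous users to the login page -->
      <deny users="?" />
    </authorization>
    <!-- Explicit keys instead of the default AutoGenerate,IsolateApps:
         with per-application generated keys, a ticket issued by one
         application fails validation in the others.
         Both values are placeholders for randomly generated hex keys. -->
    <machineKey validationKey="REPLACE_WITH_GENERATED_HEX_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_GENERATED_HEX_DECRYPTION_KEY"
                validation="SHA1" />
  </system.web>
</configuration>
```

Anyone who obtains the shared keys can forge a ticket that every one of these applications accepts, so generate them randomly, restrict read access to the configuration files, and share keys only among applications that belong to the same trust boundary.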
 
