Single Sign On - Transfer of credential between webapps....

aure_bobo

Hi all,

I'm currently developing a system with several webapps in ASP.NET/C#.

One of my websites is used to log in users: I will call this website
Webapp1.

Depending on the user attributes, I will send the user to another
website (let's say Webapp2 in my example), where I would like to log the
user in automatically with the credentials entered in WebApp1.

I've tried the following code from Webapp1 :
Server.Transfer("URLofWebApp2");

But an error occurred:
System.ArgumentException: Invalid path for child request
'URLofWebApp2'. A virtual path is expected. at
System.Web.HttpServerUtility.ExecuteInternal(String path, TextWriter
writer, Boolean preserveForm) at
System.Web.HttpServerUtility.Transfer(String path, Boolean
preserveForm) at System.Web.HttpServerUtility.Transfer(String path) at
WebInterface_aur.Login.LoginButton_Click(Object sender, EventArgs e) in
y:\login.aspx.cs:line 116

It seems that Server.Transfer cannot be used between different
websites.

I don't want to pass the variables (credentials) in the following
way, for security reasons:
Response.Redirect("?URLofWebApp2name=" + UserName.Text + "+password=" +
Password.Text + "+domain=" + Domain.Text);

Does anyone have an idea how to solve this problem?
Thank you
Auré
 
Guest

Here's a quick and dirty way:

In the web.config of both projects, change the authentication node to this:

<authentication mode="Forms">
  <forms name="SampleAuth"
         loginUrl="/TestWebApp2/Test.aspx"
         slidingExpiration="true">
  </forms>
</authentication>

Change the loginUrl to be that of your login page. Then change the
authorization node in the web.config to be this:

<authorization>
  <deny users="?" />
</authorization>

In your login page, when you've authenticated the user, do this:

System.Web.Security.FormsAuthentication.RedirectFromLoginPage("Andy", true);

Now, in your other applications (Webapp2 for example), you can get at the
username ("Andy" in this case), by using:

System.Web.HttpContext.Current.User.Identity.Name


I'd recommend reading up on forms authentication and security.
 
Guest

Oops, almost forgot an important part. You'll also need to change the
machinekey node in your machine.config to not generate different keys for
different apps. Basically change it to something like this:

<machineKey validationKey="357356792679345184568256876535689056434617489465"
            decryptionKey="357356792679345184568256876535689056434617489465"
            validation="SHA1"/>

You'll want to provide your own values for the keys. And like I said, read up
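
Following up on the advice above to provide your own key values, here is an added example that is not part of the original posts: a small C# console program that draws a fresh validationKey and decryptionKey from the operating system's random number generator and rejects pairs that cannot be shared between applications. The class and method names are illustrative, and the decryptionKey length rule assumes DES/Triple DES keys as used on Framework 1.1.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;

// Added example, not code from the thread; names are illustrative.
class MachineKeyTool
{
    // Returns byteCount bytes from the OS CSPRNG as upper-case hex.
    static string RandomHex(int byteCount)
    {
        byte[] buffer = new byte[byteCount];
        new RNGCryptoServiceProvider().GetBytes(buffer);
        StringBuilder hex = new StringBuilder(byteCount * 2);
        foreach (byte b in buffer) hex.Append(b.ToString("X2"));
        return hex.ToString();
    }

    // Returns null when the pair can be shared by several apps, else the reason it cannot.
    static string Problem(string validationKey, string decryptionKey)
    {
        if (validationKey.StartsWith("AutoGenerate") || decryptionKey.StartsWith("AutoGenerate"))
            return "auto-generated keys cannot be copied to another application or server";
        if (!Regex.IsMatch(validationKey, "^[0-9A-Fa-f]{40,128}$"))
            return "validationKey must be 40 to 128 hex characters";
        // Assumption: DES/Triple DES key lengths, as used on Framework 1.1.
        if (!Regex.IsMatch(decryptionKey, "^([0-9A-Fa-f]{16}|[0-9A-Fa-f]{48})$"))
            return "decryptionKey must be 16 or 48 hex characters";
        if (validationKey == decryptionKey)
            return "validationKey and decryptionKey should be independent values";
        return null;
    }

    static void Main()
    {
        // The sample from the post above uses one value for both keys.
        string posted = "357356792679345184568256876535689056434617489465";
        Console.WriteLine("posted sample: " + Problem(posted, posted));

        string validationKey = RandomHex(64); // 128 hex characters
        string decryptionKey = RandomHex(24); // 48 hex characters (Triple DES)
        string problem = Problem(validationKey, decryptionKey);
        Console.WriteLine("generated:     " + (problem == null ? "ok" : problem));

        Console.WriteLine("<machineKey validationKey=\"" + validationKey + "\"");
        Console.WriteLine("            decryptionKey=\"" + decryptionKey + "\"");
        Console.WriteLine("            validation=\"SHA1\"/>");
    }
}
```

Use the same generated element in every application that must accept the ticket, and keep the configuration file readable only by administrators and the ASP.NET account.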
 
aure_bobo

Hi Andy,

Thank you for your answers.

I will try your advice asap, but I've some questions and information
to add.

First of all, my WebApp1 is just a basic form where I'm going to check
if the user is belonging to the active directory and I retrieve his
group. Can I use C# ASP.NET forms authentication in this way ?

I don't have any machine.config file in my WebApps. Do I need to create
them ?
I'm using the Framework 1.1.

With your solution, do I use Response.Redirect or Server.Transfer to
launch my WebAppX ?

Thank you

Andy Luksic wrote:
 
Guest

> First of all, my WebApp1 is just a basic form where I'm going to check
> if the user is belonging to the active directory and I retrieve his
> group. Can I use C# ASP.NET forms authentication in this way ?

Yes, you can use AD to authenticate. I can't tell you how to do it off the
top of my head, but I'm sure if you Google it, you'll find some resources
that will help. At this point how you store and authenticate the user's
credentials is up to you.

> I don't have any machine.config file in my WebApps. Do I need to create
> them ?
> I'm using the Framework 1.1.

The machine.config file isn't in your application, it's a "one per machine"
type of file. Here's where mine is located:

C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CONFIG\machine.config

> With your solution, do I use Response.Redirect or Server.Transfer to
> launch my WebAppX ?

In my solution, when your user requests "/WebApp2/mypage.aspx", for example,
the config settings automatically take them to your login page in WebApp1 and
remember the URL that they originally requested. Once you issue the
"System.Web.Security.FormsAuthentication.RedirectFromLoginPage("Andy",
true);" command, they are taken to the page that they originally requested,
only this time they're authenticated.
 
