What is the best way to pass a user identity between serveral ASP.NET web sites?

S

Stan

We have several intranet ASP.NET web sites. Users log on to the sites by
using form authentication and custom security (user names and passwords are
stored in the database).

If a user logs on to the first site and from within this site is redirected
to another one, we would like to pass its security information along, so the
user doesn't need to log on again.

I am thinking of making a gateway page that will have two url parameters,
user id and the url of the next page:

gateway.aspx?userId=123&nextPageUrl="somePage.aspx"

Is this the only way to achieve that?

Thanks,

-Stan
 
J

John Saunders

Stan said:
We have several intranet ASP.NET web sites. Users log on to the sites by
using form authentication and custom security (user names and passwords are
stored in the database).

If a user logs on to the first site and from within this site is redirected
to another one, we would like to pass its security information along, so the
user doesn't need to log on again.

I am thinking of making a gateway page that will have two url parameters,
user id and the url of the next page:

gateway.aspx?userId=123&nextPageUrl="somePage.aspx"

Is this the only way to achieve that?
Click to expand...

Stan,

You can continue using Forms Authentication on all the sites. Just use the
same cookie name for all sites, and a compatible domain name. For instance,
if your sites are http://a.b.company.com, http://b.b.company.com and
http://x.company.com, then you'll need to use "company.com" as the domain
for the cookie so that it will be sent to all three sites.

If the sites are on separate machines, you'll need to have the same
<machineKey> on all sites, either in the web.config of each site, or in the
machine.config of each machine.

Of course, this also means that if you use UserData on any site, that it
will have to be compatible with all of the other sites. For instance, if one
site puts a role list into UserData, you'll want all the sites to respect
that list, or at worst, to ignore it.

A common set of classes to implement this can be developed and then used on
each site. If you make the interface easy enough, you may not experience
much resistance in getting this implemented on all sites.

Good Luck,
John Saunders
Internet Engineer
(e-mail address removed)
 
J

Jason \(MFT1\)

Why not just use a database?




John Saunders said:
Stan,

You can continue using Forms Authentication on all the sites. Just use the
same cookie name for all sites, and a compatible domain name. For instance,
if your sites are http://a.b.company.com, http://b.b.company.com and
http://x.company.com, then you'll need to use "company.com" as the domain
for the cookie so that it will be sent to all three sites.

If the sites are on separate machines, you'll need to have the same
<machineKey> on all sites, either in the web.config of each site, or in the
machine.config of each machine.

Of course, this also means that if you use UserData on any site, that it
will have to be compatible with all of the other sites. For instance, if one
site puts a role list into UserData, you'll want all the sites to respect
that list, or at worst, to ignore it.

A common set of classes to implement this can be developed and then used on
each site. If you make the interface easy enough, you may not experience
much resistance in getting this implemented on all sites.

Good Luck,
John Saunders
Internet Engineer
(e-mail address removed)
Click to expand...
 
J

Jason \(MFT1\)

Sorry I thought it was self evident....Silly me.

Well you can save your user identity info to the database and access the
info from each web application.

Heck, it's not brain surgery man.


LOL
 
J

John Saunders

Jason (MFT1) said:
Sorry I thought it was self evident....Silly me.

Well you can save your user identity info to the database and access the
info from each web application.
Click to expand...

I don't know if you're serious or not.

He's talking about passing the identity of a user who has logged in to one
application from one application to another. Regardless of where details are
stored, the identity has to be passed.
 
J

John Saunders

Stan said:
John,

Doesn't a session cookie expire when a user goes to another site? I don't
want to have a permanet cookie on disk....
Click to expand...

No. Session cookies do not expire when you go to another site. Certainly not
another site within the same domain.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Windows identity getting confused between users 0
2 sites or not 2 sites 5
What does the ASP.Net account need to run web sites? 1
Identity Impersonate in ASP.NET 2
Best way to pass a numeric value from one ASP.NET user control to another without using QueryString 4
What is the best way to track marketing campaigns (using IIS / asp.net 2.0) 2
Pass through Windows Identity to Web Service 2
What is the performance difference between ASP.Net Web site Vs Web Application template 7

Members online

No members online now.
Total: 54 (members: 1, guests: 53)
Robots: 175

Forum statistics

Threads
473,989
Messages
2,570,207
Members
46,782
Latest member
ThomasGex

Latest Threads

Top