stackoom
  简体   繁体   中英

Asp.net share forms authentication by two applications in the same domain

 原文  2015-03-03 11:20:36       asp.net/ authentication/ cookies/ subdomain/ forms-authentication

Question

I have two applications in the same domain: mydomain/app1 and mydomain/app2, and I need to share authentication between them. One app is in Asp.Net WebForms, and the second is using WebApi2.

I configured web.config like below:

App1: 

<authentication mode="Forms">
  <forms loginUrl="/Login.aspx" defaultUrl="/Default.aspx" name=".ASPXFORMSAUTH" protection="All" cookieless="UseDeviceProfile" slidingExpiration="true" path="/" domain="mydomain" requireSSL="false" timeout="60" enableCrossAppRedirects="false">
  </forms>
</authentication>
<authorization>
  <deny users="?" />
  <allow users="*"/>
</authorization>
<machineKey validationKey="generated key1" decryptionKey="generated key2" validation="SHA1"/>

App2: 

<authentication mode="Forms">
  <forms loginUrl="/index.html" defaultUrl="/index.html" name=".ASPXFORMSAUTH" protection="All" cookieless="UseDeviceProfile" slidingExpiration="true" path="/" domain="mydomain" requireSSL="false" timeout="60" enableCrossAppRedirects="false">
  </forms>
</authentication>
<authorization>
  <deny users="?" />
  <allow users="*"/>
</authorization>
<machineKey validationKey="generated key1" decryptionKey="generated key2" validation="SHA1"/>

I am signing into app1 and observe the cookie content. Then I am requesting an URL from app2 in another browser tab. The cookie (name and content) in the second tab is the same as in the first one. I expect that the request from the second tab to be authenticated by the app2 since the cookie is already authenticated by the app1. Yet, this is not happening, and I am redirected to the login page of app2.

1 answers

solution1
 3 ACCPTED  2015-03-03 18:08:00

As suggested by the OP, here is the answer that works in that case.

They've changed the cookie encryption between 4 and 4.5. You can either make both running under the same .net or turn on the compatibility on the 4.5 site by adding an attribute to your machine key config node.

https://social.microsoft.com/Forums/en-US/1791c5e3-4087-4e92-a460-51c5c4221f49/any-forms-auth-changes-in-45?forum=Offtopic

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Share Forms Authentication in ASP.NET and ASP.NET Core applications ASP.NET MVC - Same authentication between two applications asp.net two applications on one domain Can two ASP.NET applications share domain name on a single IIS server? Is it possible to share an existing asp.net applications membership database with sharepoint 2010's, when using Forms based authentication ASP.NET Forms Authentication between Applications with different form credentials Can I upload two web applications on the same web domain using ASP.NET? Share information beetween ASP.NET applications on the same IIS Share ASP.Net membership info between two applications Sharing ASP.NET Authentication between two applications
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM