stackoom
  简体   繁体   中英

Single Sign On using asp.net forms authentication not working

 原文  2018-02-14 12:08:00       c#/ asp.net/ single-sign-on/ forms-authentication

Question

I have two subdomains, say b1.abc.com and s1.abc.com . I am implementing single sign on using forms authentication but it doesn't seem to work as expected. What I want is, if a user signin in b1.abc.com and then open home page of s1.abc.com (say in another tab), then he shouldn't be redirected back to login page, instead logged him in and show him home page.

As of now, when I login in b1.abc.com and then open s1.abc.com, it doesn't authenticate and redirect to login page.

Below is my code.

In login button click event of both the app : 

FormsAuthentication.SetAuthCookie(txtUserName.Text, true);
System.Web.HttpCookie MyCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(User.Identity.Name.ToString(), true);
MyCookie.Domain = "abc.com";
Response.AppendCookie(MyCookie);

Response.Redirect("Home.aspx", false);
Context.ApplicationInstance.CompleteRequest();

Then in home.aspx page of both the application, I check as below : 

bool isLoggedIn = ((System.Web.HttpContext.Current.User != null) && System.Web.HttpContext.Current.User.Identity.IsAuthenticated);
if (!isLoggedIn)
{
    FormsAuthentication.RedirectToLoginPage();
    return;
}

In web.config, I have below settings : 

<authentication mode="Forms">
  <forms name="Authent" protection="All" timeout="60" loginUrl="Login.aspx" defaultUrl="Home.aspx" path="/" enableCrossAppRedirects="true" />
</authentication>
<authorization>
  <deny users="?" />
</authorization>

NOTE : I tried giving domain name of cookie with a dot (.abc.com), but it didn't work.

1 answers

solution1
 0 ACCPTED  2018-02-27 08:11:08

I solved it as below :

1) Added domain in web.config. 

<forms name="Authent" protection="All" timeout="525600" loginUrl="Login.aspx" defaultUrl="Home.aspx" path="/" enableCrossAppRedirects="true" slidingExpiration="true" domain=".abc" />

2) I checked if authenticated by below lines : 

if (!(Request.IsAuthenticated))
{
    FormsAuthentication.RedirectToLoginPage();
    return;
}

3) In the first block in question, 

MyCookie.Domain = ".abc.com"; // note the dot before domain name

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET MVC 5 Single Sign On pattern without Forms Authentication ASP.NET Forms authentication - Issue with single sign-on on Chrome and Firefox Implement single sign on ASP .Net Web Application current using forms based authentication possible to access page after sign out using Forms Authentication in ASP.net ASP.NET Single Sign On ASP.NET MVC Impersonate not working with Forms Authentication ASP.Net 4.5 Forms Authentication / Authorization not working ASP.NET Forms Authentication and Windows Authentication asp.net forms authentication without login page using ssl Using Custom Login for forms authentication in asp.net mvc5
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM