Sharing ASP.NET Authentication between two applications

Question

I have two web applications ASP.NET running on the same web server IIS 7.5/.NET 4.0. The first app makes async calls through jquery to the second app, which acts as web service backend (connected to a database server). The two applications will be installed in intranet context, so I want to use integrated "Windows Authentication".

In both Web.config I have:

<authentication mode="Windows" />

<authorization>
    <deny users="?" />
</authorization>

<identity impersonate="true" />

If I open a browser and I access a test page it's ok on both web apps: the browser asks for a user/password pair and IIS allows the page to be downloaded. But if I access a test page of the first web app, which makes an async request to a web service installed on the second app, a 401 error code is returned. So it seems that the authentication is lost between the two applications.

I tried also machineKey but nothing...

Any idea ?

Any help is appreciated, thanks in advance.

Alex

Answer 1

You are probably trying to make an async request to a different domain, which isn't allowed .

You can get around this by creating a "proxy" call to the web service. You make the async call to your local asp.net application, which makes the call to the web service on your behalf. This avoids the same origin policy restriction discussed in the link above.

Another option, since you have control of the application on both ends, would be to look at JSONP . I don't have a lot of experience with it, but I have seen it used for making async calls across domains.

Good luck!