We have several intranet ASP.NET web sites. Users log on to the sites by
using form authentication and custom security (user names and passwords are
stored in the database).
If a user logs on to the first site and from within this site is redirected
to another one, we would like to pass its security information along, so the
user doesn't need to log on again.
I am thinking of making a gateway page that will have two url parameters,
user id and the url of the next page:
gateway.aspx?userId=123&nextPageUrl="somePage.aspx"
Is this the only way to achieve that?
Thanks,
-Stan"Stan" <nospam@.yahoo.com> wrote in message
news:%23GsdNrNaDHA.2572@.TK2MSFTNGP09.phx.gbl...
> We have several intranet ASP.NET web sites. Users log on to the sites by
> using form authentication and custom security (user names and passwords
are
> stored in the database).
> If a user logs on to the first site and from within this site is
redirected
> to another one, we would like to pass its security information along, so
the
> user doesn't need to log on again.
> I am thinking of making a gateway page that will have two url parameters,
> user id and the url of the next page:
> gateway.aspx?userId=123&nextPageUrl="somePage.aspx"
> Is this the only way to achieve that?
Stan,
You can continue using Forms Authentication on all the sites. Just use the
same cookie name for all sites, and a compatible domain name. For instance,
if your sites are http://a.b.company.com, http://b.b.company.com and
http://x.company.com, then you'll need to use "company.com" as the domain
for the cookie so that it will be sent to all three sites.
If the sites are on separate machines, you'll need to have the same
<machineKey> on all sites, either in the web.config of each site, or in the
machine.config of each machine.
Of course, this also means that if you use UserData on any site, that it
will have to be compatible with all of the other sites. For instance, if one
site puts a role list into UserData, you'll want all the sites to respect
that list, or at worst, to ignore it.
A common set of classes to implement this can be developed and then used on
each site. If you make the interface easy enough, you may not experience
much resistance in getting this implemented on all sites.
Good Luck,
John Saunders
Internet Engineer
john.saunders@.surfcontrol.com
Why not just use a database?
"John Saunders" <john.saunders@.surfcontrol.com> wrote in message
news:e0Ok33NaDHA.1816@.TK2MSFTNGP09.phx.gbl...
> "Stan" <nospam@.yahoo.com> wrote in message
> news:%23GsdNrNaDHA.2572@.TK2MSFTNGP09.phx.gbl...
> > We have several intranet ASP.NET web sites. Users log on to the sites by
> > using form authentication and custom security (user names and passwords
> are
> > stored in the database).
> > If a user logs on to the first site and from within this site is
> redirected
> > to another one, we would like to pass its security information along, so
> the
> > user doesn't need to log on again.
> > I am thinking of making a gateway page that will have two url
parameters,
> > user id and the url of the next page:
> > gateway.aspx?userId=123&nextPageUrl="somePage.aspx"
> > Is this the only way to achieve that?
> Stan,
> You can continue using Forms Authentication on all the sites. Just use the
> same cookie name for all sites, and a compatible domain name. For
instance,
> if your sites are http://a.b.company.com, http://b.b.company.com and
> http://x.company.com, then you'll need to use "company.com" as the domain
> for the cookie so that it will be sent to all three sites.
> If the sites are on separate machines, you'll need to have the same
> <machineKey> on all sites, either in the web.config of each site, or in
the
> machine.config of each machine.
> Of course, this also means that if you use UserData on any site, that it
> will have to be compatible with all of the other sites. For instance, if
one
> site puts a role list into UserData, you'll want all the sites to respect
> that list, or at worst, to ignore it.
> A common set of classes to implement this can be developed and then used
on
> each site. If you make the interface easy enough, you may not experience
> much resistance in getting this implemented on all sites.
> Good Luck,
> John Saunders
> Internet Engineer
> john.saunders@.surfcontrol.com
"Jason (MFT1)" <usethe@.newsgroup.pls> wrote in message
news:%23gvsK5NaDHA.1004@.TK2MSFTNGP12.phx.gbl...
> Why not just use a database?
Use a database and ... what?
--
John Saunders
Internet Engineer
john.saunders@.surfcontrol.com
Sorry I thought it was self evident...Silly me.
Well you can save your user identity info to the database and access the
info from each web application.
Heck, it's not brain surgery man.
LOL
"John Saunders" <john.saunders@.surfcontrol.com> wrote in message
news:euT2hCOaDHA.3436@.tk2msftngp13.phx.gbl...
> "Jason (MFT1)" <usethe@.newsgroup.pls> wrote in message
> news:%23gvsK5NaDHA.1004@.TK2MSFTNGP12.phx.gbl...
> > Why not just use a database?
> Use a database and ... what?
> --
> John Saunders
> Internet Engineer
> john.saunders@.surfcontrol.com
"Jason (MFT1)" <usethe@.newsgroup.pls> wrote in message
news:%23ypPZIOaDHA.2284@.TK2MSFTNGP12.phx.gbl...
> Sorry I thought it was self evident...Silly me.
> Well you can save your user identity info to the database and access the
> info from each web application.
I don't know if you're serious or not.
He's talking about passing the identity of a user who has logged in to one
application from one application to another. Regardless of where details are
stored, the identity has to be passed.
--
John Saunders
Internet Engineer
john.saunders@.surfcontrol.com
"Stan" <nospam@.yahoo.com> wrote in message
news:uNb8xTOaDHA.1916@.TK2MSFTNGP12.phx.gbl...
> John,
> Doesn't a session cookie expire when a user goes to another site? I don't
> want to have a permanet cookie on disk...
No. Session cookies do not expire when you go to another site. Certainly not
another site within the same domain.
--
John Saunders
Internet Engineer
john.saunders@.surfcontrol.com
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment