Application/Subweb access

Discussion in 'ASP.NET / ASP.NET Core' started by wallinaspne, Oct 13, 2003.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. wallinaspne

    wallinaspne

    I'm developing a application farm on www.wallinasp.net but my centralized login, like single sign-on, using Forms authentication does not accurately redirects me to any sub application on my site.

    Currently, as a test, I created 3 web applications.
    www.wallinasp.net
    www.wallinasp.net/Test1
    www.wallinasp.net/Test2

    I have a centralized login.aspx page in www.wallinasp.net
    Test1 is using the authorization parameters for the login page and Test2 is using another authorization (Windows)

    Below are the web.config for the three applications.

    www.wallinasp.net - web.config
    <authentication mode="Forms">
    <forms name="loginCookie" path="/" loginUrl="/login.aspx" />
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>

    www.wallinasp.net/Test1 - web.config
    [nothing = inherits from parent]

    www.wallinasp.net/Test2 - web.config
    <authentication mode="Windows" />
    <authorization>
    <allow users="*" />
    </authorization>


    Thank you,

    Anders Wallin
    Solution Architect, MCSD
     
    wallinaspne, Oct 13, 2003
    #1
  2. wallinaspne

    wallinaspne

    I found the problem and the solution.

    [:D]

    First of all my assumptions were correct but I was missing a valuable piece of the puzzle.

    I found on MSDN a section on machineKey</font id="red"> where it explained that the default behavior is that each application is using different decryption/encryption keys so when my sub application is trying to find the authorization cookie the enc/dec is different than the one creating the original cookie.

    So to use the same cookie over an enterprise or web farm just set/create a machineKey with the same enc/dec key for all applications that should share the login authorization.

    The authentication/machineKey/authorization section could be omited from any sub applications that would use the same login authorization.

    Example web.config
    <authentication mode="Forms">
    forms name=".ASPXAUTH"
    loginUrl="/login.aspx"
    protection="All"
    timeout="1440"
    path="/" />
    </authentication>

    <machineKey
    validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
    decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"
    validation="3DES"
    />

    <authorization>
    <deny users="?" />
    </authorization>



    Anders Wallin
    Solution Architect, MCSD
     
    wallinaspne, Oct 14, 2003
    #2
  3. wallinaspne

    wallinaspne

    wallinaspne, Oct 14, 2003
    #3
Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.

Share This Page