Today, I am going to discuss one of the feature, that I was working last few days and spent sleepless nights at office and Home as well. Here I am going to discuss Single Sign On (SSO) feature and every other developer implements SSO on some or other day.
So Actually I was having two applications. The requirement was like,
user logins from one application and on clicking a link it is navigated to
another application. So when user clicks on the link it redirected to
application2, it checks, whether the user is authenticated or not. If
authenticated it can access the application2 else get redirected to first
application for Authentication, And once authenticated again directly reaches
the second application.
Here my both application were Web application and form Authentication is
used to authenticate the user. I had to devise some solution to implement SSO.
I didn’t want to use the authentication code written on both applications so
used first application only for Authentication. I thought of using the same
authentication cookie that was created by First Application after
authentication. And implemented this.
It worked very well. I was able to read the authentication cookie in
another application and wrote the logic accordingly. I deployed both applications
on my local machine and Test QA Server and it worked like a charm.
But… as soon as my application went actual test environment it started
barfing. Nothing was working. No SSO.. Nothing..
Actually, what happened both the application were deployed on different
web server in different domain. Like my first application has URL like app1.mydomain.com and another
As I was not aware earlier I didn’t keep it in mind. As we know by default
cookie is limited to domain. I was not able to access auth cookie in
application2 as it was in separate domain. After some research on Internet, I
happened to make the changes in auth cookie and updated the domain property as
I found solutions on Google. The code was like
System.Web.HttpCookie MyCookie =
MyCookie.Domain = “.mydomain.com”;Response.AppendCookie(MyCookie);
You can find it easily on internet. But the actual nightmare started
after this only. Users were not able to logout. It kept looping as I checked in
Fiddler and finally redirection error. Started searching on internet and found
lots of people have problem but no thread ended with proper solution. I found
at some places the auth cookie doesn’t get deleted if domain is set. Some
workaround were there, like deleting the auth cookie manually when user logs
out. But this also didn’t work. And ultimately did not find any solution on
So I did some brainstorming. Actually there is a method provided by as
which is supposed to logout the user once called but it was not doing
it. Actually as suggested over internet I set the domain for Auth cookie. Which
was creating some problem? FormAutetication itself provides a way to set the
domain for cookie. This is a static property of the FormAuthentication Class. But
this is read only. One need to set it in web.config file and it will also be
easy you can change the domain whenever you want. So one can set it as
<forms name=".ASPXAUTH" loginUrl="Login/" protection="Validation" timeout="120" path="/" domain=".mydomain.com"/>
After setting my application again started working perfectly fine. So wanted to share this to you all. One does not need to update the cookie manually as I did in first code sample above and later deleting it while logging out. It may not work. Just one need to set the domain at config file, one will be away from this endless problem and surfing the Internet.
Hope this helps.
Thanks a lot