Click here to Skip to main content
Click here to Skip to main content

Tagged as

Go to top

Sharing Authentication Cookie between two ASP.NET Applications

, 11 Sep 2012
Rate this:
Please Sign up or sign in to vote.
Sharing authentication information between applications.

Introduction

The objective is to explain how to share the same Authentication cookie information between two ASP.NET applications.

The Approach

Assume that there are two applications and wants to share the cookie between these applications below are the settings required to share authentication ticket(cookie) across applications.

Step I

Need to set the enableCrossAppRedirects, domain, and requireSSL in both the application config files, under forms section.

First, the application config file.

<authentication mode="Forms">
  <forms name="FormsAuthentication" path="/" loginUrl="Login.aspx"
     defaultUrl="Home.aspx" timeout="1000" cookieless="UseCookies"  
     enableCrossAppRedirects ="true" domain="10.12.88.81" 
     requireSSL="false"/>
</authentication>

A machine key is required to decrypt the ticket:

<!-- MACHINE KEY REQUIRED IN BOTH CONFIG FILES -->
<machineKey
     decryptionKey="A225194E99BCCB0F6B92BC9D82F12C2907BD07CF069BC8B4"
     validationKey="6FA5B7DB89076816248243B8FD7336CCA360DAF8" />

The second application config file should be,

<authentication mode="Forms">
  <forms name="FormsAuthentication" path="/" loginUrl="login.aspx"
    defaultUrl="PropertyList.aspx" timeout="1000"
    cookieless="UseCookies" enableCrossAppRedirects="true"
    domain="10.12.88.81" requireSSL="false"/>
</authentication>

And the Machine Key should be:

<machineKey
    decryptionKey="A225194E99BCCB0F6B92BC9D82F12C2907BD07CF069BC8B4"
    validationKey="6FA5B7DB89076816248243B8FD7336CCA360DAF8" />

Make sure that you are using the same machine keys in both the applications. 

Step II

The first application needs to use the following code while redirecting to the second application.

public static string FormatRedirectUrl(string redirectUrl)
{
    HttpContext c = HttpContext.Current;
    //Don’t append the forms auth ticket for unauthenticated users 
       or
    //for users authenticated with a different mechanism
    if (!c.User.Identity.IsAuthenticated ||
        !(c.User.Identity.AuthenticationType == "Forms"))
        return redirectUrl;
    //Determine if we need to append to an existing query-string or
      not
    string qsSpacer;

    if (redirectUrl.IndexOf('?') > 0)
        qsSpacer = "&";
    else
        qsSpacer = "?";
    //Build the new redirect URL. Assuming that currently using
    //forms authentication. Change the below FormsIdentity if required.
    string newRedirectUrl;
    string newRedirectUrl;
    FormsIdentity fi = (FormsIdentity)c.User.Identity;
    newRedirectUrl = redirectUrl + qsSpacer +
    FormsAuthentication.FormsCookieName + "=" +
    FormsAuthentication.Encrypt(fi.Ticket);
    return newRedirectUrl;
}

The redirectUrl in the above code should be /<WebPages>/SecondAppPage.aspx, then only can it hold  the cookies along with the Redirect call. 

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Milan Mathew
Architect
United States United States
A coder from india. Specialized in Microsoft Technologies (ASP.NET, C#, WPF, MVVM, WCF, Biztalk)
 
Additional experience in Optical Character recognition (Acorde (Kofax) & Oracle IPM 7.7)
Follow on   Google+

Comments and Discussions

 
Questionsecond step PinmemberMapGuy1112-Feb-13 6:30 
AnswerRe: second step PinmemberMilan Mathew8-Mar-13 2:55 
GeneralMy vote of 5 Pinmemberchristhomps27-Oct-12 22:44 
QuestionNice Article Pinmemberchristhomps11-Sep-12 20:26 
A very nice article. I'll try this tip today and let you know my additional findings.
AnswerRe: Nice Article PinmemberMilan Mathew11-Sep-12 20:29 
GeneralMy vote of 5 Pinmemberchristhomps11-Sep-12 20:26 
GeneralRe: My vote of 5 PinmemberMilan Mathew11-Sep-12 20:31 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web04 | 2.8.140922.1 | Last Updated 11 Sep 2012
Article Copyright 2012 by Milan Mathew
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid