Introduction
The objective is to explain how to share the same authentication cookie between two ASP.NET applications.
The Approach
Assume that there are two applications that need to share the authentication cookie. The settings below are required to share the authentication ticket (cookie) across the applications.
Step I
Set the enableCrossAppRedirects, domain, and requireSSL attributes in both applications' config files, under the forms section.
The first application's config file:
<authentication mode="Forms">
    <forms name="FormsAuthentication" path="/" loginUrl="Login.aspx"
           defaultUrl="Home.aspx" timeout="1000" cookieless="UseCookies"
           enableCrossAppRedirects="true" domain="10.12.88.81"
           requireSSL="false"/>
</authentication>
A machine key is required to decrypt the ticket:
<machineKey
decryptionKey="A225194E99BCCB0F6B92BC9D82F12C2907BD07CF069BC8B4"
validationKey="6FA5B7DB89076816248243B8FD7336CCA360DAF8" />
The second application's config file should be:
<authentication mode="Forms">
    <forms name="FormsAuthentication" path="/" loginUrl="login.aspx"
           defaultUrl="PropertyList.aspx" timeout="1000"
           cookieless="UseCookies" enableCrossAppRedirects="true"
           domain="10.12.88.81" requireSSL="false"/>
</authentication>
And the Machine Key should be:
<machineKey
decryptionKey="A225194E99BCCB0F6B92BC9D82F12C2907BD07CF069BC8B4"
validationKey="6FA5B7DB89076816248243B8FD7336CCA360DAF8" />
Make sure that you are using the same machine keys in both the applications.
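One way to check Step I before deploying is to compare the two config files programmatically. This is an added example, not code from the original article; the class name, the sample domain and the placeholder key strings are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class SharedTicketConfigCheck
{
    // Attributes the article sets identically in both apps, plus the machineKey algorithm attributes.
    static readonly string[] FormsAttrs = { "name", "path", "domain", "enableCrossAppRedirects", "requireSSL" };
    static readonly string[] KeyAttrs = { "decryptionKey", "validationKey", "decryption", "validation" };

    public static List<string> Compare(string configA, string configB)
    {
        XElement a = XDocument.Parse(configA).Root, b = XDocument.Parse(configB).Root;
        var findings = new List<string>();
        Check(a, b, "forms", FormsAttrs, findings, secret: false);
        Check(a, b, "machineKey", KeyAttrs, findings, secret: true);
        return findings;
    }

    static void Check(XElement a, XElement b, string element, string[] attrs, List<string> findings, bool secret)
    {
        XElement ea = a.Descendants(element).FirstOrDefault(), eb = b.Descendants(element).FirstOrDefault();
        if (ea == null || eb == null) { findings.Add($"<{element}> is missing from one config"); return; }
        // Hex key strings compare case-insensitively; cookie name, path and domain must match exactly.
        var cmp = secret ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;
        foreach (string attr in attrs)
        {
            string va = (string)ea.Attribute(attr), vb = (string)eb.Attribute(attr);
            if (!string.Equals(va, vb, cmp))
                findings.Add(secret ? $"{element}/@{attr} differs (values not shown)" // keep key material out of logs
                                    : $"{element}/@{attr} differs: '{va}' vs '{vb}'");
        }
    }

    static void Main()
    {
        // Constructed sample configs; the key values are placeholders, not real keys.
        const string appA = @"<configuration><system.web><authentication mode='Forms'>
            <forms name='FormsAuthentication' path='/' domain='apps.example.test' enableCrossAppRedirects='true' requireSSL='true'/>
            </authentication><machineKey decryptionKey='PLACEHOLDER_DECRYPTION_KEY' validationKey='PLACEHOLDER_VALIDATION_KEY_A'/>
            </system.web></configuration>";
        string appB = appA.Replace("KEY_A", "KEY_B").Replace("path='/'", "path='/app2'");
        foreach (string finding in Compare(appA, appB)) Console.WriteLine(finding);
    }
}
```

With the constructed inputs, the run reports the mismatched forms path and the mismatched validationKey; an empty result means the two files agree on every compared attribute.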
Step II
The first application needs to use the following code while redirecting to the second application.
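using System.Web;
using System.Web.Security;

public static string FormatRedirectUrl(string redirectUrl)
{
    HttpContext c = HttpContext.Current;

    // Don't append the forms authentication ticket for unauthenticated users
    // or for users authenticated with a different mechanism.
    if (!c.User.Identity.IsAuthenticated ||
        !(c.User.Identity.AuthenticationType == "Forms"))
        return redirectUrl;

    // Determine whether to append to an existing query string or not.
    string qsSpacer;
    if (redirectUrl.IndexOf('?') > 0)
        qsSpacer = "&";
    else
        qsSpacer = "?";

    // Append the encrypted ticket as a query-string parameter named after the forms cookie.
    string newRedirectUrl;
    FormsIdentity fi = (FormsIdentity)c.User.Identity;
    newRedirectUrl = redirectUrl + qsSpacer +
        FormsAuthentication.FormsCookieName + "=" +
        FormsAuthentication.Encrypt(fi.Ticket);

    return newRedirectUrl;
}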
The redirectUrl in the above code should be /<WebPages>/SecondAppPage.aspx; only then can it carry the cookie along with the Redirect call.