Click here to Skip to main content
15,868,016 members
Articles / Web Development / ASP.NET
Tip/Trick

Sharing Authentication Cookie between two ASP.NET Applications

Rate me:
Please Sign up or sign in to vote.
4.75/5 (4 votes)
11 Sep 2012CPOL 59.9K   17   9
Sharing authentication information between applications.

Introduction

The objective is to explain how to share the same Authentication cookie information between two ASP.NET applications.

The Approach

Assume that there are two applications and wants to share the cookie between these applications below are the settings required to share authentication ticket(cookie) across applications.

Step I

Need to set the enableCrossAppRedirects, domain, and requireSSL in both the application config files, under forms section.

First, the application config file.

XML
<authentication mode="Forms">
  <forms name="FormsAuthentication" path="/" loginUrl="Login.aspx"
     defaultUrl="Home.aspx" timeout="1000" cookieless="UseCookies"  
     enableCrossAppRedirects ="true" domain="10.12.88.81" 
     requireSSL="false"/>
</authentication>

A machine key is required to decrypt the ticket:

XML
<!-- MACHINE KEY REQUIRED IN BOTH CONFIG FILES -->
<machineKey
     decryptionKey="A225194E99BCCB0F6B92BC9D82F12C2907BD07CF069BC8B4"
     validationKey="6FA5B7DB89076816248243B8FD7336CCA360DAF8" />

The second application config file should be,

ASP.NET
<authentication mode="Forms">
  <forms name="FormsAuthentication" path="/" loginUrl="login.aspx"
    defaultUrl="PropertyList.aspx" timeout="1000"
    cookieless="UseCookies" enableCrossAppRedirects="true"
    domain="10.12.88.81" requireSSL="false"/>
</authentication>

And the Machine Key should be:

ASP.NET
<machineKey
    decryptionKey="A225194E99BCCB0F6B92BC9D82F12C2907BD07CF069BC8B4"
    validationKey="6FA5B7DB89076816248243B8FD7336CCA360DAF8" />

Make sure that you are using the same machine keys in both the applications. 

Step II

The first application needs to use the following code while redirecting to the second application.

C#
public static string FormatRedirectUrl(string redirectUrl)
{
    HttpContext c = HttpContext.Current;
    //Don’t append the forms auth ticket for unauthenticated users 
       or
    //for users authenticated with a different mechanism
    if (!c.User.Identity.IsAuthenticated ||
        !(c.User.Identity.AuthenticationType == "Forms"))
        return redirectUrl;
    //Determine if we need to append to an existing query-string or
      not
    string qsSpacer;

    if (redirectUrl.IndexOf('?') > 0)
        qsSpacer = "&";
    else
        qsSpacer = "?";
    //Build the new redirect URL. Assuming that currently using
    //forms authentication. Change the below FormsIdentity if required.
    string newRedirectUrl;
    string newRedirectUrl;
    FormsIdentity fi = (FormsIdentity)c.User.Identity;
    newRedirectUrl = redirectUrl + qsSpacer +
    FormsAuthentication.FormsCookieName + "=" +
    FormsAuthentication.Encrypt(fi.Ticket);
    return newRedirectUrl;
}

The redirectUrl in the above code should be /<WebPages>/SecondAppPage.aspx, then only can it hold  the cookies along with the Redirect call. 

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Architect
United States United States
A coder from india. Specialized in Microsoft Technologies (ASP.NET, C#, WPF, MVVM, WCF, Biztalk)

Additional experience in Optical Character recognition (Acorde (Kofax) & Oracle IPM 7.7)

Comments and Discussions

 
GeneralMy vote of 5 Pin
christhomps27-Oct-12 22:44
christhomps27-Oct-12 22:44 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.