Monday, November 12, 2012

SSO in multiple ASP.NET applications under the same domain

Suppose you have two different web applications under the same domain. For example:

First web application (ASP.NET Web Forms): http://example.com/
Second web application (ASP.NET MVC): http://example.com/admin/

Both web applications use ASP.NET Forms authentication.

How can you authenticate in one web application and be authenticated in the other?

The answer is to use the same machineKey configuration and the same authentication cookie name in both web applications.

Example of the first web application (ASP.NET Web Forms) config section:
 <system.web>  
  <machineKey validationKey="6366D9EDF5591718A1A69557F106AFC16A8A184159028364814BD3B9D48941832E7310C0386DAD406AD04337B4B57D1772430233FCB82E265635DE5E35FF3C4F" decryptionKey="76D34CAEA4614B2EBFB0E20819CFE744389ADCC511D94C8CEA7DA6517C9D0E68" validation="SHA1" decryption="AES" />  
  <authentication mode="Forms">
    <forms name=".AUTH" loginUrl="~/Login.aspx" />
  </authentication>
 </system.web>  

Example of the second web application (ASP.NET MVC) config section:
 <system.web>  
  <machineKey validationKey="6366D9EDF5591718A1A69557F106AFC16A8A184159028364814BD3B9D48941832E7310C0386DAD406AD04337B4B57D1772430233FCB82E265635DE5E35FF3C4F" decryptionKey="76D34CAEA4614B2EBFB0E20819CFE744389ADCC511D94C8CEA7DA6517C9D0E68" validation="SHA1" decryption="AES" />  
  <authentication mode="Forms">
    <forms name=".AUTH" loginUrl="~/Authentication/Login" />
  </authentication>
 </system.web>  

The keys above are only an example and are public now that they are posted here, so generate a unique machineKey for your own applications. You can do that here: http://aspnetresources.com/tools/machineKey
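
As an added example (not code from the original post), the following Python script generates key material locally, with the same lengths as the keys shown above, and checks that two web.config files meet the condition described here: identical machineKey attributes and the same cookie name. The function names and the rendered sample configs are constructed for illustration.

```python
import secrets
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey", "validation", "decryption")

def new_machine_key():
    """Generate key material locally, same lengths as the keys in the post."""
    return {
        "validationKey": secrets.token_hex(64).upper(),  # 128 hex chars
        "decryptionKey": secrets.token_hex(32).upper(),  # 64 hex chars (AES-256)
        "validation": "SHA1",
        "decryption": "AES",
    }

def auth_settings(config_xml):
    """Extract the settings that decide whether a Forms ticket is accepted."""
    web = next(ET.fromstring(config_xml).iter("system.web"), None)
    if web is None:
        return {}
    mk = web.find("machineKey")
    forms = web.find("authentication/forms")
    settings = {a: mk.get(a) for a in KEY_ATTRS} if mk is not None else dict.fromkeys(KEY_ATTRS)
    # .ASPXAUTH is the ASP.NET default cookie name when none is configured
    settings["cookieName"] = forms.get("name", ".ASPXAUTH") if forms is not None else ".ASPXAUTH"
    return settings

def sso_problems(config_a, config_b, published_keys=()):
    """List reasons the two apps cannot (or should not) share an auth cookie."""
    a, b = auth_settings(config_a), auth_settings(config_b)
    problems = []
    for name in KEY_ATTRS + ("cookieName",):
        if a.get(name) != b.get(name):
            problems.append(f"{name} differs")
    for name in ("validationKey", "decryptionKey"):
        value = a.get(name)
        if value is None or "AutoGenerate" in value:
            problems.append(f"{name} is not an explicit key")
        elif value in published_keys:
            problems.append(f"{name} is a publicly posted sample key")
    return problems

def render(key, cookie_name, login_url):  # constructed sample configs for the demo
    attrs = " ".join(f'{k}="{v}"' for k, v in key.items())
    return (f'<configuration><system.web><machineKey {attrs} />'
            f'<authentication mode="Forms"><forms name="{cookie_name}" '
            f'loginUrl="{login_url}" /></authentication></system.web></configuration>')
```

An empty list from `sso_problems` means both applications will accept each other's ticket. Passing any keys copied from public pages as `published_keys` flags configurations that still use them.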
