Single Sign On with Forms Authentication

16,517

Solution 1

I had used <clear/> on the httpModules section, as there were items in the parent that did not exist in the bin dir for the child (/admin).

In doing so (using <clear/>, that is) I had inadvertently cleared the FormsAuthentication module specified in the web.config in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG

So I needed to re-add those explicitly to the child (/admin) config.

Solution 2

Your forms section of web.config needs to be the same as well.

Quote from Forms Authentication Across Applications:

To configure forms authentication across applications, you set attributes of the forms and machineKey sections of the Web.config file to the same values for all applications that are participating in shared forms authentication.

The following example shows the Authentication section of a Web.config file. Unless otherwise noted, the name, protection, path, validationKey, validation, decryptionKey, and decryption attributes must be identical across all applications. Similarly, the encryption and validation key values and the encryption scheme and validation scheme used for authentication tickets (cookie data) must be the same. If the settings do not match, authentication tickets cannot be shared.
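The two causes described in Solution 1 and Solution 2 can be checked mechanically. The following is an added example, not code from either answer or from the quoted article: a hypothetical `check_shared_forms_auth` helper that compares a parent and child Web.config, assuming the child virtual application inherits any value it does not set itself. The sample configs are constructed and the key values are placeholders.

```python
import xml.etree.ElementTree as ET

# Attributes the quoted guidance says must be identical across applications.
SHARED = {
    "system.web/authentication/forms": ("name", "protection", "path"),
    "system.web/machineKey": ("validationKey", "validation",
                              "decryptionKey", "decryption"),
}
FORMS_MODULE = "System.Web.Security.FormsAuthenticationModule"

def check_shared_forms_auth(parent_xml, child_xml):
    """List settings that stop the child app accepting the parent's ticket."""
    parent, child = ET.fromstring(parent_xml), ET.fromstring(child_xml)
    findings = []
    for path, attrs in SHARED.items():
        p, c = parent.find(path), child.find(path)
        for attr in attrs:
            pv = p.get(attr) if p is not None else None
            # Assumption: an unset child value is inherited from the parent.
            cv = c.get(attr, pv) if c is not None else pv
            if cv != pv:  # report attribute names only, never key material
                findings.append(f"{path}@{attr} differs from parent")
    # <clear/> also drops modules inherited from the framework-level
    # web.config, including FormsAuthentication, unless it is re-added.
    modules = child.find("system.web/httpModules")
    forms_module_lost = False
    for el in (modules if modules is not None else []):
        if el.tag == "clear":
            forms_module_lost = True
        elif el.tag == "add" and el.get("type", "").startswith(FORMS_MODULE):
            forms_module_lost = False
    if forms_module_lost:
        findings.append("httpModules: <clear/> without re-adding " + FORMS_MODULE)
    return findings

# Constructed sample configs; key values are placeholders, not real keys.
PARENT = """<configuration><system.web>
 <authentication mode="Forms"><forms name=".ASPXAUTH" protection="All" path="/"/></authentication>
 <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY" validation="SHA1"
             decryptionKey="PLACEHOLDER_DECRYPTION_KEY" decryption="AES"/>
</system.web></configuration>"""
CHILD = """<configuration><system.web>
 <authentication mode="Forms"><forms name=".ADMINAUTH" protection="All" path="/"/></authentication>
 <httpModules><clear/><add name="Session" type="System.Web.SessionState.SessionStateModule"/></httpModules>
</system.web></configuration>"""

if __name__ == "__main__":
    print("\n".join(check_shared_forms_auth(PARENT, CHILD)))
```
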

Author by

ChrisCa

Updated on June 04, 2022

Comments

  • ChrisCa
    ChrisCa about 2 years

    I am trying to set up Single sign on for 2 websites that reside on the same domain

    e.g.

    http://mydomain (top level site that contains a forms-auth login page)

    http://mydomain/admin (separately developed website residing in a Virtual Application within the parent website)

    Have read a few articles on Single Sign on e.g.

    http://www.codeproject.com/KB/aspnet/SingleSignon.aspx

    http://msdn.microsoft.com/en-us/library/dd577079.aspx

    And they seem to suggest it is just a case of having the same machinekey section in each web.config so that the cookie encryption and decryption is the same for each application

    I have set this up and I never get prompted for credentials in the sub-website (the virtual application)

    I always get prompted in the parent site.

    In addition to having the same machinekey I've also tried adding the same <authentication> and <authorisation> elements

    Any idea what I could be missing?