Securely migrate a user from one ASP.NET application to another

Question

Securely migrate a user from one ASP.NET application to another

I have an ASP.NET web application that uses forms authentication. Let me call this app "Foo." I am creating another ASP.NET application called Bar.

What I want to do is log in to the user in Foo, and then click on the link that displays them on the page in the Bar application. The Bar application should not require Foo to log in again. The Foo application must transfer the security ticket to the Bar application, and then the user can do his work inside the Bar application.

I also want to restrict access to the Bar application. Therefore, if a user tries to access the Bar application without first logging in, they are redirected to the Foo login page.

Is it possible? If so, how to implement this?

+5

asp.net forms-authentication

Brandon montgomery Apr 24 '09 at 15:33

source share

1 answer

Andrei Rînea · Accepted Answer · 2009-04-24T17:43:50+0000

I did this once, and it was between the PHP site and the ASP.NET site (I am an ASP.NET developer, but also know some snippets about PHP).

App1 (), App1 , (, GUID). App2 (, ). , JohnDoe App1.

App1 (3l3kjlk3j4lkj34, JohnDoe) App2 - (, HTTP URL-, www.app2.com/SetTempKey.aspx?userId=JohnDoe&key=3l3kjlk3j4lkj34 - , IP- ).

App2 . , App2 www.app2.com/login.aspx.

1 www.app2.com/login.aspx?tempKey=3l3kjlk3j4lkj34 , " 2". , login.aspx app2. querystring tempKey, , 2, , - JohnDoe.

App2 , FormsAuthentication.RedirectFromLoginPage( "JohnDoe", true) ( , , cookie /not _session_lived).

... .

Securely migrate a user from one ASP.NET application to another

More articles: