Geek Answers Handbook

How can I exchange authenticated .NET (C #) session between web forms and MVC2 applications?

We have a small application that we created in our free time, using the latest mvc3 and Entity Framework.net libraries available at that time, and deployed it. Management liked it and they want it to integrate into the heavy .net 3.5 web form application.

I need to somehow use the same authentication sessions in two applications. I use the same database and authentication application using membership providers and .net profile. This works fine, but users must log in separately to the MVC application, even if they are already logged into the main application. I am open to any suggestions: inclusion of a state session at another level or general cookies , etc.

What is the best way to get around this login requirement and should I integrate the mvc application into web forms or keep it as an independent application? My main problem influencing the solution will be the time spent on full integration and subsequent maintenance of applications.

+8
authentication asp.net-mvc session
source share
4 answers

Firstly, the fact that one application is an ASP.NET MVC does not matter here :)

Secondly, here is one example of what to do with MSDN:

http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx

A small snippet from this page:

<configuration> <system.web> <authentication mode="Forms" > <!-- The name, protection, and path attributes must match exactly in each Web.config file. --> <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" protection="All" path="/" domain="contoso.com" timeout="30" /> </authentication> <!-- Validation and decryption keys must exactly match and cannot be set to "AutoGenerate". The validation and decryption algorithms must also be the same. --> <machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" /> </system.web> </configuration>

.

PS

StriplingWarrior advises combining both applications, although this is not really required, but can be very useful for future integrations. Later you can do it anyway.

+7
source share

Form authentication uses cookies to track users. Cookies can only be used for one domain. For example, if you had app1.foo.com and app2.foo.com , simply configure these two applications to share the same domain cookie. For example, web.config must have the same authentication configuration:

 <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" domain="foo.com" /> </authentication>

You must also ensure that both applications share the same machine keys , since the authentication cookie emitted by app1 must be decrypted using app2 with the same keys.

+2
source share

You might want to simply integrate this application into your Web Forms application directly. Both can coexist in one application.

0
source share

Store session state in the database. Store the session key in cookies for each session. At the AcquireSessionState event, in the life cycle of both applications, get the session ID from the cookie, download the session data from the database and update your HttpContext.User . Then you will have the same authentication data in both applications.

0
source share

More articles:


All Articles