ASP.NET single sign-on - cookie name, machineKey and what else?

I have two ASP.NET applications hosted on the same server. Their configurations have the same machine key values, and the authentication sections are as follows:

    <authentication mode="Forms">
      <forms loginUrl="/_login/default.aspx" name=".MySingleAuth" />
    </authentication>

    <authentication mode="Forms">
      <forms loginUrl="~/MySingle/LogOn/0" timeout="2880" name=".MySingleAuth"/>
    </authentication>

Single sign-on (authentication in both applications using the same cookie) still does not work. What am I missing?

Edit: the two applications are on our intranet, one under https://ip:84 and the other under https://ip:86 (where ip is the IP address).

+6
single-sign-on
1 answer

The following configuration for SingleSignOn worked for me:

    <machineKey validationKey="818B77A6AFBF5E0B82B7FBE6F992E1733986DAEF81D1EB107B55D6F68EB6FEC6097349A9E37A407A6B5CF2FA1AB9327CA182A2C999A768C14B146036420203F9"
                decryptionKey="45798D54477D1D11BFC16733786AABB50E7FD5DDB3F8F46A"
                validation="SHA1" />
    <authentication mode="Forms">
      <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" protection="All"
             cookieless="UseCookies" enableCrossAppRedirects="true"/>
    </authentication>

  • Make sure that the keys in the two applications are absolutely identical (validation and decryption).
  • The cookie name must be the same.
  • SingleSignOn only works if you are in the same domain (cookies).

Read this page, it helped me: http://www.codeproject.com/KB/aspnet/SingleSignon.aspx

+9
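
A check for the settings the answer lists, as an added example that is not part of the original answer: it compares two web.config files and reports machineKey and forms attributes that differ or fall back to generated keys. The function names and placeholder key values are assumptions, the forms elements are the two from the question, and the protection/path/domain comparison goes beyond the answer's list.

```python
import xml.etree.ElementTree as ET

# Settings both applications must agree on to accept the same ticket.
MACHINEKEY_ATTRS = ("validationKey", "decryptionKey", "validation", "decryption")
FORMS_DEFAULTS = {"name": ".ASPXAUTH", "protection": "All", "path": "/", "domain": ""}

def read_settings(web_config_xml):
    """Return (machineKey attributes or None, forms attributes or None)."""
    root = ET.fromstring(web_config_xml)
    mk = root.find(".//machineKey")
    forms = root.find(".//authentication[@mode='Forms']/forms")
    return (None if mk is None else dict(mk.attrib),
            None if forms is None else {**FORMS_DEFAULTS, **forms.attrib})

def sso_mismatches(config_a, config_b):
    """List settings that can stop the two applications sharing one auth cookie."""
    problems = []
    (mk_a, forms_a), (mk_b, forms_b) = read_settings(config_a), read_settings(config_b)
    for label, mk, forms in (("A", mk_a, forms_a), ("B", mk_b, forms_b)):
        if forms is None:
            problems.append(f"{label}: Forms authentication is not configured")
        for attr in ("validationKey", "decryptionKey"):
            # A missing element or attribute falls back to the default,
            # AutoGenerate,IsolateApps: a generated key isolated per application.
            if mk is None or "AutoGenerate" in mk.get(attr, "AutoGenerate"):
                problems.append(f"{label}: {attr} is auto-generated")
    if mk_a is not None and mk_b is not None:
        # Only attribute names are reported, never the key material itself.
        problems += [f"machineKey {a} differs" for a in MACHINEKEY_ATTRS
                     if mk_a.get(a, "").upper() != mk_b.get(a, "").upper()]
    if forms_a is not None and forms_b is not None:
        problems += [f"forms {a} differs" for a in FORMS_DEFAULTS
                     if forms_a[a] != forms_b[a]]
    return problems

# Constructed sample input: the forms elements are the two from the question,
# the key values are placeholders, and application B has no <machineKey>.
KEY = '<machineKey validationKey="AA11" decryptionKey="BB22" validation="SHA1" />'
APP_A = ('<configuration><system.web>' + KEY + '<authentication mode="Forms">'
         '<forms loginUrl="/_login/default.aspx" name=".MySingleAuth" />'
         '</authentication></system.web></configuration>')
APP_B = ('<configuration><system.web><authentication mode="Forms">'
         '<forms loginUrl="~/MySingle/LogOn/0" timeout="2880" name=".MySingleAuth"/>'
         '</authentication></system.web></configuration>')

if __name__ == "__main__":
    for problem in sso_mismatches(APP_A, APP_B):
        print(problem)
```
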