C# Forms Authentication .ASPXAUTH Cookie for SSO

I have 2 applications (one .NET and the other an Angular SPA with web services in .NET) with the same domain name. I need to enable SSO for these 2 applications. Both web.config files have the same machine key, and they are enabled for form validation mode.

I enter the .NET site and present the Angular site in an iframe. When the iframe is opened, the API call includes the .ASPXAUTH cookie in the request header, but HttpContext.User.Identity.IsAuthenticated is set to false. Thus, it returns 404 and redirects to the login page for the Angular site in the iframe.

The auth cookie is HttpOnly, so Angular cannot read it. But since the cookie is set in the request header, the API (.NET) method must consider it to be authenticated, and this is not so. Am I missing anything?

1 answer

Some information needed to answer this question correctly is missing, but I think that this has to do with the same-origin policy. You must explicitly specify the iframe source so that your cookie is not recognized as a cross-site request. And therefore ASPH will not be applied. Your HTTP header should be set to a valid start and source.

Please also take a look at the question. It briefly explains the same-origin policy.
