— background —
I have a customer intranet (ASP.NET / VB) thats instantiating an asp.net session checking various things in the dblogin process. The Intranet has various sub-systems.
The marketing sub-system requires an app_role to be assigned to the Intranet user for them to view the section.
I need to create a new booking form for this section but the code appears to use a generic form which is use throughout the site in various other sections. So its not a good idea to ammend what is currently there.
— My plan —
Create a new application in C# / ASP.NET and also in IIS. (rather than a new site, create an app within the Intranet site in IIS)
Will I be able to check for the session thats currenting set in the cookie?
If the session is open then the user is able to see the Intranet and I assume I will need to do some checks for the app_role too.
I am simply going to put the URL for the app in the menu for marketing and then do another check just incase someone gives the URL to someone who doesnt have access to the menu.
–My Question–
Will i be able to check and use the cookie thats been instantiated by another application?
No – Sessions (session cookies) are application specific. You can try sharing sessions between applications via SQL and see if that works. As for membership/roles, see this.
Still, unsure why building a separate (web) app (which introduces the issue) is the way to go. If your plan is to introduce another form then why can’t this be done in the existing intranet app?