Home/ Questions/Q 40663
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-10T15:03:32+00:00

Lets say that you have websites www.xyz.com and www.abc.com. Lets say that a user

  • 0

Lets say that you have websites http://www.xyz.com and http://www.abc.com.

Lets say that a user goes to http://www.abc.com and they get authenticated through the normal ASP .NET membership provider.

Then, from that site, they get sent to (redirection, linked, whatever works) site http://www.xyz.com, and the intent of site http://www.abc.com was to pass that user to the other site as the status of isAuthenticated, so that the site http://www.xyz.com does not ask for the credentials of said user again.

What would be needed for this to work? I have some constraints on this though, the user databases are completely separate, it is not internal to an organization, in all regards, it is like passing from stackoverflow.com to google as authenticated, it is that separate in nature. A link to a relevant article will suffice.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Try using FormAuthentication by setting the web.config authentication section like so:

    <authentication mode='Forms'>   <forms name='.ASPXAUTH' requireSSL='true'        protection='All'        enableCrossAppRedirects='true' /> </authentication>

    Generate a machine key. Example: Easiest way to generate MachineKey – Tips and tricks: ASP.NET, IIS …

    When posting to the other application the authentication ticket is passed as a hidden field. While reading the post from the first app, the second app will read the encrypted ticket and authenticate the user. Here’s an example of the page that passes that posts the field:

    .aspx:

    <form id='form1' runat='server'>   <div>     <p><asp:Button ID='btnTransfer' runat='server' Text='Go' PostBackUrl='http://otherapp/' /></p>     <input id='hdnStreetCred' runat='server' type='hidden' />   </div> </form>

    code-behind:

    protected void Page_Load(object sender, EventArgs e) {     FormsIdentity cIdentity = Page.User.Identity as FormsIdentity;     if (cIdentity != null)     {         this.hdnStreetCred.ID = FormsAuthentication.FormsCookieName;         this.hdnStreetCred.Value = FormsAuthentication.Encrypt(((FormsIdentity)User.Identity).Ticket);     } }

    Also see the cross app form authentication section in Chapter 5 of this book from Wrox. It recommends answers like the ones above in addition to providing a homebrew SSO solution.

    • 0