6

Here is our problem. We have built an MVC web-api that uses Forms authentication with cookies to handle sessions. When we use our front-end webpage on the same domain (localhost or web-server) as the web-api, all works fine. (We use jQuery $.get and $.post to communicate with the web-api.)

In the future, though, the front-end is supposed to be a standalone HTML5 app, not located on the same domain as the web-api. Unfortunately, this isn't working.

The web-api does return an authentication cookie to the client, BUT the cookie isn't brought back to the web-api when the front-end sends its requests. When both web-api and front-end are on the same domain, the cookie is automatically sent with the request.

We've tried setting "Access-Control-Allow-Origin: *" and "Access-Control-Allow-Authentication: true" in the web-api webconfig file.

1
  • Were you able to solve this problem? I am in a similar situation, but my client app is an HTML5-based PhoneGap application that runs in mobile browser containers. Commented Nov 6, 2013 at 6:06

1 Answer

4

What you need is a single sign-on (SSO) feature.

The browser will only send cookies to the same domain; that is the reason why it was not working when the applications are located on different domains.

There is a nice article on CodeProject on implementing SSO in ASP.NET, which applies to ASP.NET MVC too: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic

1 Comment

That is a great article!
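The following is an added example, not part of the original question or answer: it models the check a browser applies to a cross-origin response when the request carried cookies, run against the header pair quoted in the question and against headers built from an origin allowlist. The origins, function names and allowlist are assumptions made for illustration.

```javascript
// Added example: the browser-side CORS check for a credentialed
// cross-origin request (cookies attached). Origins are constructed.

// Server side (hypothetical helper): build CORS headers from an allowlist
// instead of "*" or blindly echoing whatever Origin the request carried.
function corsHeadersFor(requestOrigin, allowedOrigins) {
  if (!allowedOrigins.includes(requestOrigin)) {
    return {}; // unknown origin: send no CORS headers at all
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin, // exact origin, never "*"
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // stop caches reusing one origin's response for another
  };
}

// Browser side: may script running on requestOrigin read a response to a
// request that was sent with credentials?
function credentialedResponseAllowed(requestOrigin, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = value; // header names are case-insensitive
  }
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { ok: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (allowOrigin === "*") {
    return { ok: false, reason: "wildcard origin rejected when credentials are sent" };
  }
  if (allowOrigin !== requestOrigin) {
    return { ok: false, reason: "origin mismatch" };
  }
  if (h["access-control-allow-credentials"] !== "true") {
    return { ok: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { ok: true, reason: "allowed" };
}

const APP = "https://app.example"; // constructed front-end origin
// The two headers exactly as quoted in the question.
const fromQuestion = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Authentication": "true",
};
console.log(credentialedResponseAllowed(APP, fromQuestion));
console.log(credentialedResponseAllowed(APP, corsHeadersFor(APP, [APP])));
```

On the client, the request must also opt in to sending cookies, which in jQuery is done with `xhrFields: { withCredentials: true }` in `$.ajax`. Current browsers additionally require the authentication cookie to be set with `SameSite=None; Secure` before they attach it to a cross-site request.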
