7

We have a server with, let's say, 5-10 internal ASP.NET (MVC) applications running in separate application pools as separate websites (on different ports and/or subdomains). I know nothing about the built-in ASP.NET authentication framework, so I was wondering if anyone could drop me a quick pointer in the right direction...

I want to secure all of the internal apps via one login mechanism (supporting 3-5 different roles; nothing complex). This login system would be another app/website running on the server, and to gain access to any other app, one must have authenticated via the one login system and the target app must be able to see the user's role. The internal apps will be modified at the code level to plug into this new login system (in other words, we'll modify the current apps to support the authentication).

The whole point of this is that I don't want each app to have its own login/authentication mechanism, but rather use a more "global" authentication system (everything on the same server). I am not looking for anything complex (just a company of 15-25 employees, 3-5 departments - each user must be associated with a department (role) based on their login - and each app will be tuned to show the user the appropriate data based on his role).

The question is - how do I make it so that a user's authentication status is visible across all of the different apps (in different assemblies and running separately)?

Do I need to use Forms authentication? Or something in Spring.NET?

2 Answers

6

Single sign-on is relatively easy to achieve within a subdomain or second-level domain. ASP.NET Forms Authentication is a ticket-based system where the ticket is stored encrypted in a cookie. What you must achieve is to enable your web apps to share this cookie.

For a subdomain scenario (e.g. mysite.com/app1, mysite.com/app2), just set the encryption/decryption keys to be the same in the machineKey setting in the web.config files.

For a second-level domain scenario (e.g. app1.mysite.com, app2.mysite.com), in addition to the above, you need to make some code change to force all authentication cookies to use the same top level domain (e.g. mysite.com).
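As an added example (not part of the answer above, and not code from ASP.NET itself), this Python check parses each app's web.config and reports the settings that stop a Forms Authentication ticket from being shared: auto-generated machineKey values, a missing cookie domain, or values that differ between apps. The app names, the cookie name `.INTRANETAUTH` and the placeholder key strings are constructed for illustration, and the domain check assumes the one-host-per-app layout (app1.mysite.com, app2.mysite.com).

```python
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey", "validation", "decryption")
FORM_ATTRS = ("name", "domain", "path")

def sso_settings(xml_text):
    """Pull out the web.config settings that decide whether a ticket is shareable."""
    root = ET.fromstring(xml_text)
    mk = next(root.iter("machineKey"), None)
    forms = next(root.iter("forms"), None)
    s = {a: mk.get(a) if mk is not None else None for a in KEY_ATTRS}
    s.update({a: forms.get(a) if forms is not None else None for a in FORM_ATTRS})
    return s

def audit(configs):
    """configs maps app name -> web.config text; the first entry is the reference."""
    parsed = {app: sso_settings(text) for app, text in configs.items()}
    ref_app = next(iter(parsed))
    findings = []
    for app, s in parsed.items():
        for a in KEY_ATTRS + FORM_ATTRS:
            if a.endswith("Key") and (s[a] is None or "AutoGenerate" in s[a]):
                problem = "not set explicitly, so this app generates its own key"
            elif a == "domain" and not s[a]:
                problem = "unset, so the cookie is host-only"
            elif s[a] != parsed[ref_app][a]:
                problem = "differs from " + ref_app
            else:
                continue
            findings.append((app, a, problem))  # attribute name only, never key material
    return findings

# Constructed sample configs; key values are placeholders, not real keys.
SHARED = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY" decryptionKey="PLACEHOLDER_DECRYPTION_KEY"
              validation="HMACSHA256" decryption="AES" />
  <authentication mode="Forms">
    <forms name=".INTRANETAUTH" domain="mysite.com" path="/" />
  </authentication>
</system.web></configuration>"""
# app2 keeps auto-generated keys and sets no cookie domain.
BROKEN = (SHARED.replace("PLACEHOLDER_VALIDATION_KEY", "AutoGenerate,IsolateApps")
                .replace("PLACEHOLDER_DECRYPTION_KEY", "AutoGenerate,IsolateApps")
                .replace(' domain="mysite.com"', ""))
SAMPLE = {"login": SHARED, "app1": SHARED, "app2": BROKEN}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

Setting the cookie domain to the parent domain sends the ticket to every host under it, and any app that holds the shared keys can issue tickets the other apps accept, so the keys need the same protection as a credential.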


2 Comments

I followed your instruction. It did not work. When I click the link to navigate to app2.mydomain.com from app1.mydomain.com it redirects to login.
On my local it works perfectly well even without them having same keys.
2

If your company is running on Windows and you've got an Active Directory setup internally (Active Directory Domain Services), you can set up all your ASP.NET sites to use integrated Windows Authentication. This is extremely easy to set up and very common for intranet sites. Users accessing your internal sites are automatically authenticated with their Windows Identity, which means no need for a username & password login form. Read all about it here: http://www.asp.net/mvc/tutorials/authenticating-users-with-windows-authentication-cs
