开发者

Getting authenticated user's username on a subdomain

I have Forms authentication setup for an ASP.NET 4.0 application on http://example.com - we'll call it MainApp. I also have an ASP.NET 4.0 app running on http://static.example.com which (let's call it SubApp) doesn't have access to the main app.

Now, SubApp needs to figure out usernames of users who first logged in to the MainApp and then came to SubApp. I thought that it's enough for those two apps to have the same machine keys and for the SubApp to specify in web.config, so it could read the MainApp's authentication cookie and get username from it.

I di开发者_StackOverflow中文版d a simple test and when I try to hit some page on SubApp it keeps redirecting to http://static.example.com/login.aspx - which doesn't even exist not specified in web.config. Apparently my approach doesn't work, though I don't understand why - main domain's cookie should be accessible on a subdomain, right?

This is how I configure authentication in SubApp:

<authentication mode="Forms">
    <forms domain="example.com"/>
</authentication>

<authorization>
    <allow users="*"/>
</authorization>


You could try setting the domain property of the <forms> tag in web.config for both applications:

<authentication mode="Forms">
  <forms 
      loginUrl="~/Account/LogOn" 
      timeout="2880" 
      domain="example.com"
  />
</authentication>

This will effectively set the authentication cookie validity for both example.com and static.example.com, meaning that a user who authenticated on the first domain will automatically be authenticated on the second.


Darin is brilliant.

I have a main domain calling a sub-domain (with window.open...) with forms authentication on both...would work on my dev machine and chrome in the cloud but not IE10 in the cloud.

Basically they both use the same database so passed a guid that was stored in the database by the main domain to the subdomain. This was then validated from the querystring and the identity set by FormsAuthentication.SetAuthCookie(MyUserID.ToString)

I - tried the hotfix update on the server (thanks to - added a browser file - set cookieless="UseCookies" in web.config

but it wasn't until I set the domain property to the root domain that it worked in IE10...4 days of research for 1 little problem.

Yes !!!!!

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜