5

I have an ASP.NET Website with login page that redirects to default page in case of successful authentication. I have another ASP.NET site under another domain, where I need to place a login form, that will redirect already authenticated user to the default page of the first website. What is the best way of doing this?

Any help will be appreciated..

GAG
  • 127
  • 1
  • 9
  • The basic problem is that you don't have the authentication token of the other domain. However, it should be possible to do an AJAX request to the first site, and have it return whether the user is logged in or not (including the redirect URL, if necessary). You just have to use HTTP headers to tell the browser this is a legal action (valid accept-origin). – Luaan Oct 17 '14 at 14:26
  • If you have access to the code on both websites you could add tokens to the query string that both sites can understand and translate into information used to authenticate a user automatically. Another option is to use proper single sign on as Joe suggested below. – Ricardo Sanchez Oct 17 '14 at 14:46

2 Answers2

1

What you are after is single sign on. The mechanics of the succsesful login redirect are in the web.config

see here http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx 

<configuration>
<system.web>
<authentication mode="Forms" >
  <!-- The name, protection, and path attributes must match 
       exactly in each Web.config file. -->
  <forms loginUrl="login.aspx"
    name=".ASPXFORMSAUTH" 
    protection="All"  
    path="/" 
    domain="contoso.com" 
    timeout="30" />
</authentication>
<!-- Validation and decryption keys must exactly match and cannot
     be set to "AutoGenerate". The validation and decryption
     algorithms must also be the same. -->
<machineKey
  validationKey="[your key here]" 
  decryptionKey="[your key here]" 
  validation="SHA1" />

Also look here: Asp.net forms authentication and multiple domains

Community
  • 1
  • 1
Joe Johnston
  • 2,794
  • 2
  • 31
  • 54
0

Thank you for your responses. I think my question wasn't exact enough.

I solved my problem using iframe with first applications's login page as a source. 

<iframe id = "iframe1" name ="loginFrame" src="http://domain2/Login.aspx?for_web=true" onload="iframeLoaded" ></iframe>

To redirect to the logged-in default page of the first site, added OnClientClick="formWeb.target ='_parent';" to a login button. So when the Login button is clicked, in case of successful authentication, the default page (under another domain) will be opened in the same window (not a frame)

<form id="formWeb" runat="server">  
    <asp:Button ID="btnLogin" runat="server" Text="Login" OnClick="btnLogin_Click" OnClientClick="formWeb.target ='_parent';" />
</form>
GAG
  • 127
  • 1
  • 9
  • 1
    You've answered your own question but its worth mentioning JSON web tokens, these are lightweight and would be ideal in this use case - http://jwt.io – Mark Walsh Oct 21 '14 at 15:06