Sunday 19 June 2016

Single Sign-on with ASP.NET Forms Authentication

Recently one of my colleagues developed 2 web applications where only 1 of them has a login page, and end users are required to log in before they can access either application. At first he thought of sharing session values between the 2 web applications, but since he is deploying both to IIS under the same website in different virtual directories and uses Forms Authentication, he can achieve Single Sign-on by adding a machineKey element with the same values to both web applications' web configuration files.

There are other ways to achieve Single Sign-on such as Token Based Authentication, but we will talk about that some other time. In this post, we will focus on how to achieve Single Sign-on with Forms Authentication.

Before you proceed, make sure that you know what Forms Authentication is. If you do not, you can use this link as your starting point: https://support.microsoft.com/en-us/kb/301240.

Assume you have 2 web applications and 1 of them has the authentication element configured in its web configuration file as follows.

[web.config]
<authentication mode="Forms">
  <forms loginUrl="Login.aspx" name=".CookieName" />
</authentication>

Duplicate this section into your second web application's web configuration file. If you require the website to redirect back to your first web application's login page, change the loginUrl attribute to point to the first web application's login page. Make sure the mode attribute of the authentication element and the name attribute of the forms element are the same for both web applications.

Next, you need to add the machineKey element to both of your web applications. The machineKey element is shown below.

[web.config]
<machineKey validationKey="BA36D1A3FAFEAFF8D2F78E4BC1D3EBEC6925124C9B56464E113EAFC90101942453D46DE50B6C22FCA62661B5CAEA4E3E9DEB0B21DE1B3D96850132EFEA8A43A9"
      decryptionKey="2C615FEDED6AEE0C38464A15B5452E4D103BD947B9C665E4"
      validation="SHA1"
      decryption="AES"/>

You may be wondering where these values come from or how to generate them. There are a few ways to generate them, and I will only show you 1 of the methods, which can be done through IIS Manager.

1) Open up IIS Manager.

2) On the left pane, click on either one of the nodes: the node named after the machine, Sites, any website, or any virtual directory.

3) On the middle pane, under the ASP.NET section, click Machine Key.

4) Select your desired Validation method and Encryption method, and leave the rest at their defaults.

5) On the right pane, click Generate Keys.

6) On the middle pane, the text boxes under Validation key and Decryption key will be filled with random text. Copy them and add them to your machineKey element.

Note: Do not click Apply, located on the right pane, as we do not need to save the settings in IIS Manager.

Once you are done, publish both of your web applications to the same website in different virtual directories. Log in to your web application and you will be able to access both applications. If you have implemented a logout feature on both applications, logging out of either one will prevent end users from accessing both web applications until they have logged in again.
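Before publishing, it is worth checking that both web.config files really agree on everything Forms Authentication relies on: the authentication mode, the cookie name (and path/domain, if set), and every machineKey attribute. The PowerShell script below is an added example and is not part of the original post or its sample project; the two config paths are assumptions, and it also warns when validation is set to SHA1 or MD5, which ASP.NET accepts but which are dated choices compared with HMACSHA256 on .NET 4.x.

```powershell
param(
    [string]$FirstConfig  = 'C:\inetpub\wwwroot\App1\web.config',   # assumed path
    [string]$SecondConfig = 'C:\inetpub\wwwroot\App2\web.config'    # assumed path
)

function Get-FormsAuthSettings {
    param([string]$Path)
    [xml]$cfg = Get-Content -Path $Path -Raw
    $auth = $cfg.configuration.'system.web'.authentication
    $mk   = $cfg.configuration.'system.web'.machineKey
    # Flat table of the attributes that must agree between both applications.
    [ordered]@{
        'authentication/@mode'      = $auth.mode
        'forms/@name'               = $auth.forms.name
        'forms/@path'               = $auth.forms.path     # cookie path, default "/"
        'forms/@domain'             = $auth.forms.domain   # cookie domain, usually unset
        'machineKey/@validationKey' = $mk.validationKey
        'machineKey/@decryptionKey' = $mk.decryptionKey
        'machineKey/@validation'    = $mk.validation
        'machineKey/@decryption'    = $mk.decryption
    }
}

$a  = Get-FormsAuthSettings -Path $FirstConfig
$b  = Get-FormsAuthSettings -Path $SecondConfig
$ok = $true

# Any difference here means the second app cannot validate the first app's ticket.
foreach ($key in $a.Keys) {
    if ($a[$key] -ne $b[$key]) {
        Write-Warning ("{0} differs: '{1}' vs '{2}'" -f $key, $a[$key], $b[$key])
        $ok = $false
    }
}

# Both apps must declare an explicit key; the AutoGenerate default yields a different key per app.
foreach ($s in @($a, $b)) {
    if ([string]::IsNullOrEmpty($s['machineKey/@validationKey']) -or
        $s['machineKey/@validationKey'] -like 'AutoGenerate*') {
        Write-Warning 'machineKey/@validationKey is missing or AutoGenerate; SSO will not work.'
        $ok = $false
    }
}

# SHA1 and MD5 are accepted values but dated; HMACSHA256 or stronger is preferred on .NET 4.x.
if ($a['machineKey/@validation'] -in @('SHA1', 'MD5')) {
    Write-Warning ("validation='{0}' is a weak setting" -f $a['machineKey/@validation'])
}

if ($ok) { 'Forms Authentication and machineKey settings match.' } else { exit 1 }
```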

You may refer to the sample project here: https://1drv.ms/u/s!Aj2AA7hoIWHmgmjgFt4GXfd6JFVf

1 comment:

  1. Nice, try to use an mssql server to store the session data in a database. Then change the iis settings from inproc to mssql for session storage. But one problem could be the domain binding of the asp.net session cookie.
