I'm building three web applications in .NET that will all share a users database and login information. Lets pretend that application 1 is the "parent" application and applications "A" and "B" are the "child" applications. All users have to be logged into application 1 to have access to applications A and B.
Authorization, Authentication, and MachineKey sections of all web configs are present and work correctly.
I have the correct web.config settings in all applications to achieve Single Sign On except one problem remains: what do I put in the "loginUrl" attribute of the forms tag in Applications A and B.
Assume that the url for the login to application 1 is "www.johnsapp.com/login.aspx" How can I get applications A and B to send the user back to application 1 for authentication using only settings in web.config?
You could use
if (!Request.IsAuthenticated)
Response.Redirect("~/Login.aspx?ReturnUrl=~/thisurl");
in the Page_Load function of the codebehind. This will redirect automatically.
How about using Windows authentication?
Related
I have two websites:
The first one is an ASP.NET MVC website on .Net framework 4.7.2
The second one is an ASP.NET MVC Core Website on .Net Core 6
Important to note, these 2 websites are on different domains.
Actually, you can sign in on the first one by email, a Google account or a Facebook account.
I need to be able to sign in the second one (these 2 sites share the same client database).
Of course, if I am logged on the first one, I need to be logged on the second one, and vice versa.
I am looking for a free and "simple" solution.
I don't want to use ASP.NET Identity.
I suppose that I need a 3rd website which will manage the login/logout?
I found this interesting article https://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic but it's outdated : it uses asp.net webforms.
Any advice?
You can use Token Authorization from one application User being logged in can click on a redirect button to another application
from clicking on link the first application will make a JWT token or any encrypted user values using Symmertic Algo. Then then route on Another (Second) Application
will Verify the JWT token or any encrypted user values to login In the User for Antoher Application and set the desired session in that application. you can also maintain the logs for logining in user in Database.
I have viewed and tried dozens of "answers" on StackOverflow, but none work.
I have a pretty simple aspx page with C# code behind.
The web site is on a Windows 2008R2 server.
The web site looks like (actual names changed):
MyServer - set for Anonymous Authentication
Application Pools
ASP.NET v4.0 Classic - .Net 4.0, Classic pipeline, App Pool Identity
MySiteAppPool - .Net 2.0, Integrated, runs under a Domain-wide Service identity (call it "mycompany\domservice")
Sites
MyMainSite - Windows Authentication, uses "MySiteAppPool"
"AutoPrint" - my web app, Windows Authentication, uses "ASP.Net v4.0 Classic" app pool, ASP.NET Impersonation enabled
My "AutoPrint" web app has a start page "AutoPrint.aspx" and code behind ("AutoPrint.aspx.cs", plus several classes).
The server and main site are not alterable, as there are several other applications under this site.
The user currently invokes this app with :
http://MyServer/AutoPrint
Everything I have tried is returning the "mycompany\domservice" result:
Request.LogonUserIdentity.Name.ToString() - returns "mycompany\domservice"
System.Environment.UserName.ToString() - returns "domservice"
System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString() - returns "mycompany\domservice"
What am I missing here? Why is this so hard?
Further clarifications:
"mycompany\domservice" - the "domservice" account is just an ActiveDirectory account in the "mycompany" domain that has permissions to read/write directories needed by the site and other applications. When installing the Site and additional web apps, we use that account as the "connect as" user.
What I am trying to do is to get the ActiveDirectory name of the Windows user account of the person who opened their browser and accessed this app. If user "JJONES" logs into Windows and launches the app with "http://myserver/autoprint", I want to get either "JJONES" or "mycompany\JJONES" as the user name.
If you use anonymous authentication, then the browser does not send any credentials (user id/password) to the server. Therefore if you want the client user id on the server, you have to use non-anonymous authentication, e.g,. Windows or Forms. You can use non-anonymous authentication and then allow or deny access to your web site to specific users or groups of users, or all users.
Thank you for all the helpful comments/suggestions.
The problem turned out to be a combination of factors. The App Pool I was using was using App Pool Identity (which has limited rights), so I had to use a specific account (the domain service account) in the "Connect as..." for the physical path credentials in order to access certain files.
Changing to use an App Pool that used an account with sufficient privileges (the domain service account) allowed me to leave the "Connect as..." using Pass-through authentication when converting to application.
Voila - I now get the user credentials using pretty much any of the proposed methods. After way too many hours of beating my head against the keyboard...
Have you looked at using HttpContext.User property ? This will give the current logged on user. After which point you may need to perform some nifty LDAP queries to get the username from AD.
See https://msdn.microsoft.com/en-us/library/system.web.httpcontext.user(v=vs.110).aspx
You may want to see the below link on how to search AD on the link "How can I search Active Directory by username using C#?"
Hope this helps you.
I have a Parent Application just a view where you can click different buttons to open the links embedded in it, which takes you to different asp.net applications. Problem is each of the application's basic authentication is set to true in IIS. How can i implement single sign on to save user to enter the password each time.
One solution is you make form authentication in each sites and in web config the machine key of the applications should be same. I want to know is there any way that i can set Single sign on settings in the parent application in IIS? as i dont want to distrub other applications code.
Looking for some guidance on using ASP.NET Identity to provide a single location for logon / authentication across a number of sites (that are all subdomains of a common domain).
The current setup is that I have 2 websites:
site1.example.com
site2.example.com
They present different views of the system to users, and they share the same backend database, and therefore the same ASP.NET Identity tables. Logging on via either site logs on via the same db.
What I want to do is unify the logon process via a third site:
auth.example.com
The idea being that the user visits site1.example.com, clicks a login button, is redirected to auth.example.com, performs the log in, and is redirected back to site1.example.com.
If they then navigated to site2.example.com, it would be nice if they were seen to be authenticated already.
What you seem to be looking for is single sign on. https://github.com/thinktecture/Thinktecture.IdentityServer.v3 Is the one that I like and it is open source. I think is supports ASP.NET Identity as a user service as well.
okay I have a web application that manages the logins for different client web applications, stored inside the root folder. Each client web application has its own login controlled by C# Roles class, where by they are routed to their site.
http://msdn.microsoft.com/en-us/library/system.web.security.roles.aspx
Now while logging in and using the site works perfectly, the problem is if a user enters the url for one of the other client sites, it allows them access to it.
Is it possible to restrict this access?
Your roles should be attached to a specific application. This can either be done with separate databases for each application, by adding and filtering based on the associated application within your role manager, or using application specific roles for each application (I'd avoid this, but it should work). If you have the role "user" that is used by multiple applications without any filtering, then the individual application won't know whether it's a user for their app or not, and thus by default allow any "user" to access any application that allows users.