How do I use SSO (single sign on) With Roles - asp.net

I have an MVC web application that uses roles in authorization. Now I want to use SSO with it and other applications that may or may not use roles.
I tried a simple implementation for SSO:
<machineKey validationKey="E4451576F51E0562D91A1748DF7AB3027FEF3C2CCAC46D
756C833E1AF20C7BAEFFACF97C7081ADA4648918E0B56BF27D1699A6EB2D9B6967A562CAD14767F163"
decryptionKey="6159C46C9E288028ED26F5A65CED7317A83CB3485DE8C592"
validation="HMACSHA256" decryption="AES" />
<authentication mode="Forms">
<forms name="SingleSignOn"
loginUrl="http://localhost/SSO/Account/Login"
timeout="480" slidingExpiration="true">
<credentials passwordFormat="SHA1">
<user name="demo"
password="89e495e7941cf9e40e6980d14a16bf023ccd4c91"/>
<!--password = demo-->
</credentials>
</forms>
</authentication>
I followed these steps: LINK

Related

Asp.net share forms authentication by two applications in the same domain

I have two applications in the same domain: mydomain/app1 and mydomain/app2, and I need to share authentication between them. One app is in Asp.Net WebForms, and the second is using WebApi2.
I configured web.config like below:
App1:
<authentication mode="Forms">
<forms loginUrl="/Login.aspx" defaultUrl="/Default.aspx" name=".ASPXFORMSAUTH" protection="All" cookieless="UseDeviceProfile" slidingExpiration="true" path="/" domain="mydomain" requireSSL="false" timeout="60" enableCrossAppRedirects="false">
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
<machineKey validationKey="generated key1" decryptionKey="generated key2" validation="SHA1"/>
App2:
<authentication mode="Forms">
<forms loginUrl="/index.html" defaultUrl="/index.html" name=".ASPXFORMSAUTH" protection="All" cookieless="UseDeviceProfile" slidingExpiration="true" path="/" domain="mydomain" requireSSL="false" timeout="60" enableCrossAppRedirects="false">
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
<machineKey validationKey="generated key1" decryptionKey="generated key2" validation="SHA1"/>
I am signing into app1 and observing the cookie content.
Then I request a URL from app2 in another browser tab. The cookie (name and content) in the second tab is the same as in the first one.
I expect the request from the second tab to be authenticated by app2, since the cookie is already authenticated by app1.
Yet this is not happening, and I am redirected to the login page of app2.
As suggested by the OP, here is the answer that works in that case.
They've changed the cookie encryption between 4 and 4.5. You can either make both run under the same .NET or turn on the compatibility on the 4.5 site by adding an attribute to your machine key config node.
https://social.microsoft.com/Forums/en-US/1791c5e3-4087-4e92-a460-51c5c4221f49/any-forms-auth-changes-in-45?forum=Offtopic

Single Sign On IIS 7 migration

I have two web applications on an old server with IIS 6 with SSO, and it works perfectly. Now I have a new server with IIS 7, and after migrating the web applications SSO stopped working: when I try to go to the second application, the login page is shown again...
Can somebody tell me what I am doing wrong or what I don't know?
Here is the first web.config:
<authentication mode="Forms">
<forms loginUrl="LoginR.aspx" timeout="20" />
</authentication>
<machineKey decryption="AES" decryptionKey="6A6F8E0BCFF28507DDF6316D4BE0CB2AEA85501D0BED1282" validation="SHA1" validationKey="01D0AECBA272DA4662076316AF00F9F2C8F07E12349D1725587612769C9A7B8048AD26BC2298AB2A0D18D2CAF2FC22762E1A3737CFA7EE0E46771DDAAE5B6E1C" />
and the second web.config:
<authentication mode="Forms">
<forms loginUrl="Http://NEWServerName/FirstAppName/LoginR.aspx" timeout="20" protection="All" path="/" domain="XXX" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<machineKey decryption="AES" decryptionKey="6A6F8E0BCFF28507DDF6316D4BE0CB2AEA85501D0BED1282" validationKey="01D0AECBA272DA4662076316AF00F9F2C8F07E12349D1725587612769C9A7B8048AD26BC2298AB2A0D18D2CAF2FC22762E1A3737CFA7EE0E46771DDAAE5B6E1C" />
Set application pools to integrated mode.
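A comparison of the ticket-related settings in two web.config files, as an added example that is not part of the original posts. The function names and the placeholder key values are assumptions; the sample input is constructed to resemble the two IIS 7 configs quoted above.

```python
import xml.etree.ElementTree as ET

# ASP.NET defaults for the <forms> attributes that name, scope and protect the cookie.
FORMS_DEFAULTS = {"name": ".ASPXAUTH", "path": "/", "protection": "All", "domain": ""}
# <machineKey> attributes both applications need to set identically. The default of
# an omitted attribute can differ between framework versions, so an omission is
# reported as "(not set)" instead of being replaced by a guessed default.
KEY_ATTRS = ("validationKey", "decryptionKey", "validation", "decryption",
             "compatibilityMode")


def ticket_settings(web_config_xml):
    """Return the settings that decide whether another app can read this app's ticket."""
    root = ET.fromstring(web_config_xml)
    forms = root.find(".//authentication/forms")
    key = root.find(".//machineKey")
    forms_attrs = forms.attrib if forms is not None else {}
    key_attrs = key.attrib if key is not None else {}
    out = {"forms/" + a: forms_attrs.get(a, d) for a, d in FORMS_DEFAULTS.items()}
    out.update({"machineKey/" + a: key_attrs.get(a, "(not set)") for a in KEY_ATTRS})
    return out


def sso_mismatches(config_a, config_b):
    """List (setting, value_a, value_b) for every setting on which the apps disagree."""
    a, b = ticket_settings(config_a), ticket_settings(config_b)
    return [(k, a[k], b[k]) for k in a if a[k] != b[k]]


# Constructed sample input; key values are placeholders, not real keys.
APP1 = """<configuration><system.web>
  <authentication mode="Forms"><forms loginUrl="LoginR.aspx" timeout="20" /></authentication>
  <machineKey decryption="AES" decryptionKey="PLACEHOLDER_DEC" validation="SHA1"
              validationKey="PLACEHOLDER_VAL" />
</system.web></configuration>"""
APP2 = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="LoginR.aspx" timeout="20" protection="All" path="/" domain="XXX" />
  </authentication>
  <machineKey decryption="AES" decryptionKey="PLACEHOLDER_DEC" validationKey="PLACEHOLDER_VAL" />
</system.web></configuration>"""

if __name__ == "__main__":
    for setting, first, second in sso_mismatches(APP1, APP2):
        print(f"{setting}: {first!r} != {second!r}")
```

On the constructed input it reports the cookie domain and the `validation` attribute, which is set explicitly in one file and left to the framework default in the other.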

Web Configuration file in a sub directory gives error

I am using VS 2012. I want to implement folder-level user authentication and authorization. I have the following folder/file structure.
The following is the Admin -> Web.config file.
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="30" defaultUrl="~/default.aspx" cookieless="AutoDetect">
<credentials passwordFormat="Clear">
<user name="Admin" password="abc"/>
</credentials>
</forms>
</authentication>
</system.web>
<location path="~/Admin/Admin.aspx"></location>
<system.web>
<authorization>
<deny users="*"/>
<allow users="Admin"/>
</authorization>
</system.web>
</configuration>
When I compile the application, it gives me the following error message:
Error: 1 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. E:\Kjan\Reports\Admin\Web.config 5
You cannot use
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="30" defaultUrl="~/default.aspx" cookieless="AutoDetect">
<credentials passwordFormat="Clear">
<user name="Admin" password="abc"/>
</credentials>
</forms>
</authentication>
in your inner web.config file.
Use this in the root folder and <user name="Admin" password="abc"/> in your inner web.config file.
Some useful links:
Multiple/Different authentication settings in web.config
If you are working on different Areas then MVC
Different authentication mode for different areas
Try this:
Select menu Build -> Configuration Manager and select the Build checkbox.

Making Log In as default page on Visual Studio 2010

I wanted to make my login as the default page before the user accesses the home page. This is my code.
<system.webServer>
<defaultDocument>
<files>
<clear/>
<add value="Login.aspx"/>
</files>
</defaultDocument>
</system.webServer>
Thanks! :)
Just right-click on that page and click on set as start up page.
What you need to do is first establish the authorization and authentication mechanism. You can use FormsAuthentication and configure the settings in a web.config file. For example, to enable forms authentication you would set the following value in the config file:
<authentication mode="Forms">
<forms
name=".ASPXAUTH"
loginUrl="login.aspx"
defaultUrl="default.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="true"
cookieless="UseDeviceProfile" domain=""
enableCrossAppRedirects="false">
<credentials passwordFormat="SHA1" />
</forms>
<passport redirectUrl="internal" />
</authentication>
Here you can see that loginUrl is set to login.aspx. This way, if a user is not authenticated, he or she will be redirected to login.aspx.
This is a much better approach than establishing your own logic for redirection to login or setting login.aspx as a start page.

Encrypt credentials in web.config possible

I have this section of my web.config file.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx">
<credentials passwordFormat="Clear">
<user name="test#hotmail.com" password="12345" />
</credentials>
</forms>
</authentication>
</system.web>
I have tried to encrypt this section, but I get the object not set to an instance of the object error. This is the path that I called in the encryption class: system.web/authentication/forms/credentials
Any solution please?
Thanks.
If you're using IIS, make sure your site ID in IIS is set to 1 (Advanced settings).
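A small audit of the forms-authentication settings that recur in the configs quoted on this page (passwords and keys stored in web.config, `requireSSL`, `cookieless`, legacy `machineKey` algorithms), as an added example that is not part of the original posts. The rule names, the function name and the sample values are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET


def audit_web_config(web_config_xml):
    """Return (rule, detail) findings for forms-auth settings that expose secrets."""
    root = ET.fromstring(web_config_xml)
    findings = []
    for forms in root.iter("forms"):
        # requireSSL defaults to false, so an omitted attribute is also a finding.
        if forms.get("requireSSL", "false").lower() != "true":
            findings.append(("cookie-over-http", 'requireSSL is not "true"'))
        # Every mode except UseCookies may place the ticket in the URL.
        mode = forms.get("cookieless", "UseDeviceProfile")
        if mode != "UseCookies":
            findings.append(("ticket-in-url", f"cookieless={mode}"))
        for creds in forms.iter("credentials"):
            users = [u.get("name") for u in creds.iter("user")]
            if users:
                # Clear is plaintext; MD5 and SHA1 (the default) are unsalted, fast hashes.
                fmt = creds.get("passwordFormat", "SHA1")
                findings.append(("password-in-config", f"{fmt}: {', '.join(users)}"))
    for key in root.iter("machineKey"):
        if key.get("validation") in ("MD5", "SHA1", "3DES"):
            findings.append(("legacy-validation", key.get("validation")))
        if key.get("decryption") in ("DES", "3DES"):
            findings.append(("legacy-decryption", key.get("decryption")))
        for attr in ("validationKey", "decryptionKey"):
            # Anything other than AutoGenerate[,IsolateApps] is key material in the file.
            if not key.get(attr, "AutoGenerate").startswith("AutoGenerate"):
                findings.append(("literal-key", attr))
    return findings


# Constructed sample shaped like the configs on this page; all values are placeholders.
SAMPLE = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER_VAL" decryptionKey="PLACEHOLDER_DEC"
              validation="SHA1" decryption="AES" />
  <authentication mode="Forms">
    <forms loginUrl="~/Login.aspx" cookieless="AutoDetect">
      <credentials passwordFormat="Clear">
        <user name="Admin" password="PLACEHOLDER" />
      </credentials>
    </forms>
  </authentication>
</system.web></configuration>"""

if __name__ == "__main__":
    for rule, detail in audit_web_config(SAMPLE):
        print(f"{rule}: {detail}")
```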
