How can we access cookie created by one domain in another domain.
I have created cookie as following in one domain
Response.Cookies["newOne"].Value = "something";
from another domain I am accessing it as
var data = Request.Cookies["newOne"].Value; //This is throwing exception
I am able to access cookie from local but not from another domain.
Give your cookie domain name also as shown :-
Response.Cookies["newOne"].Value = "something";
Response.Cookies["newOne"].Domain = ".mydomain.com"
and then access its value in other domain.
HttpCookie hcookie = new HttpCookie("cookiename","Cookie Value");
hcookie.Domain = ".example.com";
Please try this link
http://msdn.microsoft.com/en-us/library/dd920298(v=vs.95).aspx
This question's pretty cold, but in case anyone else stumbling on it, or the OP still has need, I've created an NPM module, which allows you to share locally-stored data across domains:
https://www.npmjs.com/package/cookie-toss
By using an iframe hosted on Domain A, you can store all of your user data on Domain A, and reference that data by posting requests to the Domain A iframe.
Thus, Domains B, C, etc. can inject the iframe and post requests to it to store and access the desired data. Domain A becomes the hub for all shared data.
With a domain whitelist inside of Domain A, you can ensure only your dependent sites can access the data on Domain A.
The trick is to have the code inside of the iframe on Domain A which is able to recognize which data is being requested. The README in the above NPM module goes more in depth into the procedure.
Hope this helps!
Related
I have my Google Analytics account set up for my web application, lets say my application name is Appstore.com
I have different environments for my application Appstore-dev.com , Appstore-qa.com, Appstore-uat.com and the production Appstore.com.
To capture the traffic of all these sites i created a single property in the property settings under the Default url i have given my production url Appstore.com.
For the same property i created 4 different views for Dev, QA, UAT and Production, Now for each View i have added a filter which says 'Include Only' 'Traffic to the host name' 'that are equal to' and the corresponding url of that View.
Now my application URL's are going to change, and i want to existing data in the views to be as it is and from now onwards capture the data from the new url, lets say new URL's are Newappstore-dev.com , Newappstore-qa.com, Newappstore-uat.com and the production Newappstore.com.
If i just change the host name in the filters of each view will that be a right approach ?
Note : The source code or my application is not going to change in any way only the application URL's are going to change.
Of course, you just need to change the filter with the new hostnames and from that moment Analytics will collect only the data coming from those hostnames.
I don't think the title of the question is particularly accurate but that's how best i could title it.
Without summarizing, I have an MVC app hosted on Microsoft Azure. The app was built for multiple institutions (each connecting to a separate database) but the Login Module (Asp Identity) is in a central database (users are identified by their institution code). So during deployment, a sub domain is created (still pointing to the app on azure).
My problem is, the app has no regard for the Request Url, the sessions are maintained across domains. This is a serious problem because i cache User data (by session). So if a user Logs in on "domain1.myapp.com" , then opens another tab , logs into "domain2.myapp.com" , all data cached for the user logged in for "domain1" will be used for the user logged in at "domain2". The app doesn't bother to get data for the user in "domain2" since the key for that data value is already present in the session cache.
Okay, I hope the problem is understood. How do i get past this.
Ideas ? implementation ?
EDIT 1
I insert data into the cache by,
HttpRuntime.Cache.Insert("KEY", "VALUE", null, DateTime.Now.AddMinutes(30),Cache.NoSlidingExpiration);
Your caching strategy needs to change when you cache per user and per domain. The simplest approach is just to add the domain and user name to the cache key, which will keep each cache in a separate per user and per domain bucket. Make sure you put a delimiter between the values to ensure uniqueness of the key.
var domain = HttpContext.Request.Url.DnsSafeHost;
var user = HttpContext.User.Identity.Name;
var key = "__" + domain + "_" + user + "_" + "KEY";
HttpRuntime.Cache.Insert(key, "VALUE", null, DateTime.Now.AddMinutes(30),Cache.NoSlidingExpiration);
Note that if you use HttpContext.Session, it will automatically put different domain information into separate buckets because it is based on a cookie (which by default is domain specific). However, HttpContext.Session comes with its own set of problems.
I need to share cookie between two web applications deployed on azure (eg. x1.azurewebsites.net, x2.azurewebsites.net)
I thought that all i need to do is to set a domain:
Response.Cookies.Add(new HttpCookie("TEST", "BLE")
{
Domain = "azurewebsites.net"
});
But its not working.
For test purposes I added:
Response.Cookies.Add(new HttpCookie("TEST2", "AQQ"));
And this one works ok - but its available only on x1.azurewebsites.net
So the question is whats wrong with the code above?
Is it possible to share cookie like this?
Maybe this is security issue? - i understand that every application hosted on azuerwebsites will have access to information stored in my cookie
I found my question similar to
Chrome34 ignores cookies with domain ".cloudapp.net"
So the cause of my issue is browser checks the publicsuffix.org list for domains and block cookies for security reasons.
For more info please see:
http://publicsuffix.org/
RFC2109 says, that explicit specified domains must start with a dot.
http://www.ietf.org/rfc/rfc2109.txt
I am trying to send activation mail to the currently registered user.In mail body,I need to send a link like http://example.com/account/activation?username=d&email=g.Now, for debugging on local machine, I manually write it as localhost:30995/account/activation?username=d&email=g. But, when my port number changes, I need to rewrite it.
I tried another question
on this website,but, compiler gives error like url.action doesnot exist.
Please give me fresh solution as I am confused with that solution.
Use a Url.Action overload that takes a protocol parameter to generate your URLs:
Url.Action("Activation", "Account", new { username = "d", email = "g" }, "http")
This generates an absolute URL rather than a relative one. The protocol can be either "http" or "https". So this will return http://localhost:XXXXX/account/activation?username=d&email=g on your local machine, and http://example.com/account/activation?username=d&email=g on production.
In short, this will stick whatever domain you're hosting your app on in front of your URL; you can then change your hostname/port number/domain name as many times as you want. Your links will always point to the host they originated from. That should solve the problem you're facing.
Try using IIS / IIS-Express instead of Casinni web server that comes with visual studio.
You could add bindings to have the right URL (with host entries of course).
This will avoid the port numbers in your links.
I'm writing ASP.NET code to run on an internal network where Windows Authentication will be used. Certain operations will require me to run a group membership check on other users (not the current user)
NOTE: I am NOT trying to impersonate this account, or access any information in the context of this other user. Just trying to find out what kind of user they are for internal business logic.
My first thought was to use
new WindowsPrincipal(new WindowsIdentity("MACHINENAME\\username"))
.IsInRole("MACHINENAME\\Group1")
However, the WindowsIdentity constructor fails with a SecurityException "The name provided is not a properly formed account name".
If I strip MACHINENAME\ from the parameter, I get a different error: There are currently no logon servers available to service the logon request
The WindowsTokenRoleProvider role provider explicitly only works with the current user, and will not check other user accounts.
Are there security restrictions to checking roles of other users? Would it make a difference if the web server was on a domain and I were checking domain accounts?
In the end, I'll need to have this work on an AD domain, but would prefer a solution that will work on either local or AD accounts.
Thank you
UPDATE: I've been able to test this on a domain now -- the code does work in an AD context so long as I don't use the domain name (test "username" against "Group1", not "DOMAIN\username" against "DOMAIN\Group1")
So how would I get this to work in the context of local users and groups?
Based on Rob A's comment, PrincipalContext and UserPrincipal are the classes I apparently need to use:
using (PrincipalContext ctx = new PrincipalContext(ContextType.Machine))
{
var u = UserPrincipal.FindByIdentity(ctx, IdentityType.Name, "username");
var b = u.IsMemberOf(ctx, IdentityType.Name, "Group1");
var groups = u.GetAuthorizationGroups();
}
And by altering the ContextType, can switch between local accounts and AD accounts. I wish this was built into a RoleProvider, but I guess that's something I'd have to do for myself.