Pass value with cookies between asp.net mvc3 - asp.net

Is it possible pass an value(object type) with cookies between asp.net mvc3 applications? explain with example.

Provided both the MVC applications are from the same domain; yes. When you create the cookie, you should allow it to be accessed by the sub domain. This is not an MVC specific restriction, but a general web restriction.
Your browser will prevent pages from different domains from accessing each other’s cookies.
Alos the browser will prevent you from creating cookies for other domains. For example, your application lives in domaina.com and you are trying to create a cookie domainb.com will not work.
There are hacks and mods around these restrictions but they are generally not recommended.
I recommend you use a plugin/library such as https://github.com/carhartl/jquery-cookie to get the task done. There are many examples on how to use the plugin at the above url.
Cheers

Related

SSO between ASP.Net and JSP

I built an ASP.Net MVC 4 application which uses forms authentication by means of a custom membership provider inheriting from the Simple Membership.
Everything is working fine, but now I have a new requirement: I need to integrate a JSP application with mine.
This means that it has to authenticate against the same user database of my application and that they should somehow share the session in order to achieve a kind of Single Sign-On among the two applications (if an user is already authenticated in the ASP.Net application, he should be able to access the JSP application without logging in again, and vice-versa).
What architecture do you suggest me to use?
I would like to change as little as possible the ASP.Net application.
Thanks!
If you need to auhtenticate accross different domains:
You can implement your own security token service (like facebook, google does) Here is some ready to use implementation: http://thinktecture.github.io/Thinktecture.IdentityServer.v2/
If the sites are running on the same domain (subdomain), then you can try to share an authentication cookie within these domains.
An explaining article: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic

How can I Protect some pages through authentication?

I have many pages in web application, i want display some pages to all including anonymous user and some pages should be protected from anonymous user can it is possible through authentication and authorization.. if it is possible then please tell me how......
There is built in functionality in ASP.NET for this. See ASP.NET Authorization on MSDN for an introduction.
You can specify what roles are allowed to access different pages/paths. With a membership and role provider you get a built in handling of users and roles. If you are in a corporate environment you probably want to integrate with Windows authentication, otherwise there is a good SqlMembership provider that handles all the user storage in the database in a secure way.
If you want to keep away from building an authentication system into your application you're best bet is to look at putting the pages that need protection into a separate directory on the webserver, then using : http://httpd.apache.org/docs/2.0/howto/auth.html to protect them.
This of course assumes you're using apache.
It is no longer recommended to use the .htaccess files.

Using Forms Authentication with dynamic directory / resource security

I work on an Ektron CMS solution where our site implements a membership-based access model. There are certain resources that we publish that require a purchased membership to access, others you just need to register on the site, and some are free.
We use Ektron's Aliasing extensively, which is essentially URL rewriting. So, we have resources like /about/ that map to /default.aspx?id=1234, which is available to the public, but we also have resources like /surveys/ that map to /default.aspx?id=3456 that are restricted.
How would I implement the granular access to these resources using Forms Authentication depending on the resource that is requested?
Thanks in advance.
You can wrap that url mapper, with a 'pre-mapper' that will forward unauthenticated users to different urls in case the target url is restricted.

select login page for forms authentication based on custom rules

i have a web site that uses forms authentication. the problem is that i have the site installed multiple times on the same production servers because i need to have a few different login pages (based on the domain in this case). after the domain specific login page, the rest of the site is the same. obviously, this requires a lot of maintenance as each new version has to be installed multiple times on the server (with varying the login page in the web.config file).
so i thought is there a way to install the site on 1 folder on the disk, have a web site on the IIS take in all the needed domains and make some http module (or some other solution) in which i could give it a list of domains and the forms authentication for that domain. this way make the login page used by each site change according to the domain while still having only one site to maintain on the server.
Thanks
Dani Avni
I have seen this go a number of ways and a lot of it depends on how you have things setup in IIS.
If all domains are on the same IIS website the most common solution would be to create a httpmodule, or even an actual .aspx page, that loads configuration and based on the requested URL send the user to the right login page. You could even do a "Server.Transfer()" if you want the users URL to stay the same. Then in the web.config you still set a single login page. Just make sure that each other login page allows anonymous users access.
If all domains are separate IIS sites, i would recommend at that point just maintaining different copies of the sites. But the real question is why you need different logins.
My workplace has a couple of web applications that do exactly what you are trying to describe. There are a couple of approaches we have used, depending on the situation.
The more common approach we use is to have all the actual sites on IIS point to the same directory. The logic for the login gets the URL, determines which client site is being requested, and takes that into account on login. The actual login page is the same for all client sites, though, so it's just determining which database to use.
If you want to do anything fancier than that, another approach we have used is to create our own MembershipProvider, at which point you can basically do whatever you want. You should have access to HttpContext.Current if your class is being called by the ASP.NET authentication provider (you would set the membership provider in Web.config to your provider).

Sharing authentication between IIS applications on same domain

I have an IIS website on www.example.com
and a virtual directory at www.example.com/demo/
How can I use the authentication cookie from www.example.com in my virtual directory?
You are looking for a Single Site Login solution. If the article I linked to doesn't help you, there's plenty more on google when you know what to search for ;)
The cookies are shared in the same domain, even shared between applications.
I have used the same cookie to share authentication between a Classic ASP app and a .net app without problems.
Just use the same rules to encrypt or store the cookie.
A solution would be to use integrated authentication. This way the user look up, and authentication authority used, will be the same accost all sites with the servers on the same domain. If you are using something like basic or kerberos authentication then your authentication will not pass between sites even on the same server and possibly between parts of the site that run under different threads, eg a different app pool.
Use session data in asp or cookies to share session information on the same site between pages. Cookies will work even if the virtual folders are shared in a different pool. Just code around the requirements of your virtual directory, in case its shared between multiple sites.
P.S. If you are already using cookies, just have the code in your virtual be the same as what you are using on the other pages.
What are the additional requirements for the virtual? Is it on the same server?

Resources