I'm trying to read a cookie created by a Java app from Asp.Net but not having much luck
I'm using this line of code:
string CoockieValue = Response.Cookies["Cookie_Name"].Value;
Is this possible at all ?
We basically have an authentication web ui developed in java and there is a url that takes to an Asp.Net page that needs to read this cookie
Please advise
Thanks!
Is this possible at all ?
Yes, if both applications are hosted on the same domain. If not, then, no, it is not possible.
When setting a cookie there are 2 properties: path and domain which could be specified in order to limit the scope of the cookie.
So for example when in your Java application you set the cookie with domain="foo.com", all application on any subdomain on foo.com will be able to read it. So if you Java application is hosted on java.foo.com and your ASP.NET application is hosted on asp.foo.com it will be able to access it.
Related
I built an ASP.Net MVC 4 application which uses forms authentication by means of a custom membership provider inheriting from the Simple Membership.
Everything is working fine, but now I have a new requirement: I need to integrate a JSP application with mine.
This means that it has to authenticate against the same user database of my application and that they should somehow share the session in order to achieve a kind of Single Sign-On among the two applications (if an user is already authenticated in the ASP.Net application, he should be able to access the JSP application without logging in again, and vice-versa).
What architecture do you suggest me to use?
I would like to change as little as possible the ASP.Net application.
Thanks!
If you need to auhtenticate accross different domains:
You can implement your own security token service (like facebook, google does) Here is some ready to use implementation: http://thinktecture.github.io/Thinktecture.IdentityServer.v2/
If the sites are running on the same domain (subdomain), then you can try to share an authentication cookie within these domains.
An explaining article: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic
I have am asp.net 3.5 web site with a asmx web service and a test aspx page (the page tests the web service using javascript).
I need to run this site with anonymous authentication, so I setup the site in IIS as such.
Now, if I am trying to open the test page in the browser, I get 401.3-Unauthorized error.
Any ideas what should I do to fix it? Do I have to give read access for the physical file to Anonymous Login?
Also, what version of IIS are you using? Also if you are using the IIS mgr and you check anonymous authentication, you need to give it a valid username and password, have you done this?
A 403 can mean several things. It can mean you don't have authentication correctly configured, or it can mean that the ASP.NET worker process does not have rights to access the pages (the security is set to only allow you to access them, for instance). There are other scenarios as well, but these are the two most common.
I have a silverlight application which I load inside a an asp.net website via . If I don't implement any security on the silverlight application itself - will it be secure if the user needs to authenticate on the asp.net page (in which the tag sits) only? Or is there some hack to access the silverlight application without actually accessing the website?
Short answer is No. However it's not clear what you're trying to secure. Usually the precious assets are on the server, and the silverlight client is just one possible way to access those assets. In that case the server is responsible for the ongoing security, not just the secure delivery of the XAP.
Furthermore, once the XAP is delivered it's cached on the client machine. I would expect it to be a trivial matter to relaunch that XAP without going back to the source page.
I have an Asp.NET 3.5 application with security/authentication. I have a second application (built using GWT and running on Windows Tomcat) running on a different machine.
I need to make the second application available to the user via a link generated from the .NET application. This part is easy, I have constructed the link in the asp.net page and the user can click on it to start working in the GWT/Tomcat session.
My question is this...
How do I set it up so that the Tomcat/GWT application is Only Accessible via the link in my asp.NET application?
I don't want the user to be able to copy the link from my asp.net page and then share that with someone else who is not authenticated within my asp.net application.
Your tomcat application will be passed a cookie that is the .NET authentication token iff the client has logged in to your .net application.
Your tomcat application can get this cookie from the request headers, and compose another request with this cookie to check with your .net server and see if the cookie (token) is valid.
I have an IIS website on www.example.com
and a virtual directory at www.example.com/demo/
How can I use the authentication cookie from www.example.com in my virtual directory?
You are looking for a Single Site Login solution. If the article I linked to doesn't help you, there's plenty more on google when you know what to search for ;)
The cookies are shared in the same domain, even shared between applications.
I have used the same cookie to share authentication between a Classic ASP app and a .net app without problems.
Just use the same rules to encrypt or store the cookie.
A solution would be to use integrated authentication. This way the user look up, and authentication authority used, will be the same accost all sites with the servers on the same domain. If you are using something like basic or kerberos authentication then your authentication will not pass between sites even on the same server and possibly between parts of the site that run under different threads, eg a different app pool.
Use session data in asp or cookies to share session information on the same site between pages. Cookies will work even if the virtual folders are shared in a different pool. Just code around the requirements of your virtual directory, in case its shared between multiple sites.
P.S. If you are already using cookies, just have the code in your virtual be the same as what you are using on the other pages.
What are the additional requirements for the virtual? Is it on the same server?