asp.net


ASP.NET Forms Authentication Across Applications Issue


This has been the bane of my existence for the better part of a week.
I have four existing webforms applications that utilize forms authentication. The URL for each is mydomain/app1/, mydomain/app2/, etc. I have been tasked with creating a new application that will function as a single sign-on application with the URL mydomain/ssoapp. Once a user logs in, it basically compiles everything from the pre-existing apps that the user has access to, so our users don't have to go out and log into each of them separately. But the old applications need to function as they currently do.
The important part of my web.config is as follows:
<authentication mode="Forms" >
<forms loginUrl="frmLogin.aspx?Type=login" name="sqlAuthCookie" protection="All" path="/" domain="mydomain"
timeout="60" cookieless="UseCookies" enableCrossAppRedirects="true" />
</authentication>
<machineKey validation="SHA1" decryption="AES" decryptionKey="mykey" validationKey="myvalkey"/>
Simply adding this to the web.config for all of the applications worked like a charm....for three of them.
In the SSO application I'm creating a formsauthenticationticket, cookie, and adding that to the response with the following code. Each of the four pre-existing applications uses this same code as well:
Dim lTicket As New FormsAuthenticationTicket( _
1, _
pstrUserId.ToString, _
System.DateTime.Now, _
System.DateTime.Now.AddMinutes(60), _
True, _
pstrUserId.ToString, _
FormsAuthentication.FormsCookiePath)
' Encrypt the ticket.
Dim lencTicket As String = FormsAuthentication.Encrypt(lTicket)
' Create the cookie and add to response
Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, lencTicket)
cookie.Domain = ".mydomain.gov"
pobjResponse.SetCookie(cookie)
pobjResponse.Cookies.Add(cookie)
'Cleanup
lencTicket = Nothing
lTicket = Nothing
In chrome debugger for the SSO application, I log in and the cookie is created with the correct information.
I can click on my menu list, which uses a response.redirect to go out to the other applications. For the 3 working applications, I bypass the login screen, go directly to the form I need, and the cookie is unchanged
For the problem child application, I can still see the cookie however I am redirected back to the login screen.
If I login from this point, a new cookie is created, with the same name as the preexisting one, however the domain has the "www" prefix on it
Other useful information (maybe):
I've ensured that all machinekey, decryption key, validation method, etc match across applications
My domain is in the format of sub1.mid1.gov . I've tried every combination of the format for this in the cookie assignment and web.config. Both with and without the preceding dot.
I've removed httpRuntime from the web.config as some others had mentioned this causes issues.
There are no errors in the IIS logs
All applications are running under the same apppool currently
Currently I'm contemplating taking some vacation time so I don't feel bad about crying in the corner on my employers dime. I'm sure it's something ridiculously simple, but I appreciate any help in the matter. Thanks!

Related Links

Does output cache in ASP.net takes the fragment into consideration
Different output cache timeout for different usercontrols
asp.net: what's the page life cycle order of a control/page compared to a user contorl inside it?
Adding classic code behind asp.net page to asp.net mvc 3
Asp.Net difference between doPostBack & DoPostBackWithOptions
Visualize the traces written after or before a page cyclelife in asp.net
RAD Editor Dialogs Failing with UrlRewritingNet (Telerik KB Article: “Web.config registration missing!” not helpful)
How to apply stylesheet in our user control
how to collect json data in asp.net web page
How to resolve error while implementing DES encrypt/decrypt in asp.net?
URL link in SQL DIRECT
How to create an RSS feed in ASP.NET 3.5?
Using Web.Config Active Directory Connection String
Compiler Error Message: CS0433: The type 'MasterPage' exists in both 'c:\~\App_Web_ogmril5q.DLL' and 'c:\~\App_Web_ogmril5q.DLL'
how to insert data in to grid view using asp.net without database
In ASP.net Page life cycle on which state Controls is accessible?

Categories

HOME
spring-boot
teradata
leaflet
compression
blob
magento-1.9.2.1
arguments
servicenow
flowtype
box-api
cracking
coding-style
normals
kairosdb
velocity
decoding
desktop-application
derby
box2d
reportlab
google-calendar-api3
aiml
include-path
dev-c++
android-wear-2.0
my.cnf
suitescript
scalatest
continuous-fourier
dynamic-memory-allocation
ibm-bpm
visual-studio-debugging
directions
jsonapi-resources
zimbra
headphones
intersection
maven-2
anypoint-studio
libconfig
icu
susy
android-graphview
aura-framework
rexx
codepen
gridgain
ocpjp
synchronized
qtwebkit
mef
django-tables2
ng-class
monaca
runtime-permissions
dynamic-linking
cc
grib
business-catalyst
overhead
timefield
optional-parameters
universe
jspx
xcode7.1
cosign-api
particle-system
bytearray
angularfire
jde
sqlxml
custom-build-step
factorization
sqldataadapter
ewam
wiql
newlib
maven-antrun-plugin
producer-consumer
web-standards
teamwork
httpmodule
service-broker
mathics
numerical-recipes
attiny
static-files
nsq
xcode5
report-builder2.0
yosemite
powerpoint-2010
nest-initiative
mvcgrid
nspopupbutton
sendy
codio
autofilter
mysql-error-1146
myrrix
nokogiri
kohana-orm
extensibility
gwt2
generator-expression
blotter
vline
teamsystem
jmesa
nsundomanager
overlays
jqtransform
mass-emails
fxcopcmd
table-valued-parameters
pitch-shifting
appointment

Resources

Encrypt Message