I am using one membership database for different domain. When I login in one domain, I want to automatically also perform a login for different domain in same browser.
if you have same domain name, but sub-domain name different, you can handle this authentication.
i refer this link: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic
i think there is no solution for it
Related
I am using one membership database for different domain. When I login in one domain, I want to automatically also perform a login for different domain in same browser.
Answer is no. Due to JavaScript Security, one cannot reads cookie set by others.
For example, www.mycompany.com cannot read cookie set by www.yoursite.com.
However, if those two websites are in different sub-domains, you can configure them to share the same cookie.
For example,
one.mycompany.com
two.mycompany.com
Note: ASP.Net offers Token Based Authentication, but you cannot use it with ASP.Net Membership.
I'm working on an MVC4 site using SimpleMembership to handle user accounts and role based authentication. We have another site and we'd like to implement a single sign on system allowing users from the existing site to log in to the one I am building. What would be the best way to achieve this and hopefully leverage to the existing roles based authorization I'm using on the MVC4 site. Is it possible to have multiple membership providers (i.e. use the built in one and if the user is not found, attempt to authenticate via a custom provider that I'll write (once I work out how!). Or would it be better to abandon the built in membership/roles and roll my own?
I also thought of letting WebSecurity check the local database and if the user is not found, query the 2nd database and if the users credentials are valid, create a local account for them. One issue with this approach is if a user called Fred registers on the MVC site, and then a user from the other site called Fred logs in, we couldn't create them a local account with the same username. We could prefix/suffix the username with some text to indicate that they are from the other site but then we lose the single sign on feature.
We will also want to integrate AD authentication for staff in the future.
So essentially I'm looking for the best way to authenticate users from multiple databases and keep using roles based authentication?
I've also done a little digging was wondering if ADFS might be useful for this.
Any help or advice would be greatly appreciated!
I recommend the use of an Identity server to handle all your login request and switching to a claim based authentication instead of a role based authentication if you can.
I personally went with Thinktecture IdentityServer
pluralsight.com have a good course on it.
Thinktecture IdentityServer is build on top of simple Membership and it supports multiple protocol such as
WS-Federation
WS-Trust
OpenID Connect
OAuth2
ADFS Integration
Simple HTTP
I recommend checking it
Good Luck
I am going to have an ASP.net MVC web site (example.com) and a Web API site (api.example.com) running on the same domain. What is the best and most secure way to use Forms Authentication to allow a user to log in to the MVC site, and have that login accepted by the [Authorize] filter in the API site? Additionally, there is the possibility that both sites will be hosted on multiple servers (each of which might have its own subdomain), so a solution that would allow for a single sign on approach to work among all of the servers in the cluster would be preferred.
Take a look at this link http://www.codeproject.com/Articles/27576/Single-Sign-on-in-ASP-NET-and-Other-Platforms this covers the answer in detail.
You will need to ensure all machines and separate applications on the site share a common (but unique to production) machine key to allow the authentication cookies to be trusted by all the machines/applications.
If you are simply using virtual directories under the same sub domain then simply harmonising the web.conig Forms Auth settings and machine keys should get you up and running very quickly.
If you want this to work between a second level domain then you need to change the "Domain" setting on the Form's Auth cookie. See the article for details.
i have an asp.net mvc application that has authentication set to none in the web.config but would like to secure one view with windows authentication. is there any easy/good way to do this without changing the authentication configuration?
Think you'll need to use the Authorize Attribute.
Any reason you can't set Authentication mode to Windows for the project?
Can you write your own authorize attribute which when applied to your method checks a few things, routes you to a challenge page or performs some other action that will satisfy your credentials?
Unsure what you'll use to authorise the user. Maybe check IP, Active Directory user name etc.
If you do it like this then you can re-use the attribute on other pages which would be nice.
If I have an ASP.Net MVC applicaiton where users can only access via an NTLM authenticate account, do I need to use ASP.Net Membership services and issue cookies?
Or do I have completely the wrong end of this particular stick?
You never have to use the asp.net membership provider, it is just an option. If all you need to do is authenticating the user, NTML works just fine by itself. If you need to use the user's identity for further authorization or personalization on the site you need to use some sort of user management, but it doesn't have to be the membership provider, you can write your own or your own.
I doesn't make any difference whether you are using mvc or web-forms.