Wednesday, January 27, 2010

Forms Authentication Across Domains



I discussed once (May 2007) sharing keys while using ‘Forms Authentication Across Applications’

The discussion was about sharing the same authentication keys Across Applications Located On The Same Or Different Web Servers in the same domain.


Here we’ll see – Sharing the same authentication keys Across Domains


A browser cookie is always domain relative. For example, the Amazon website cannot read cookies set by the Barnes and Noble website, which is a good thing. However, you might discover that you need to share authentication information Across Websites With Different Domains.

You can work around this problem by passing an authentication ticket in a query string parameter rather than in a cookie. There is nothing to prevent you from passing query strings between domains.

The web configuration file in Listing 21.6 includes an enableCrossAppRedirects attribute that enables sharing authentication tickets across domains.


Note: To enable this scenario, you must configure your applications to accept authentication tickets passed in a query string.


<?xml version="1.0"?>



    <authentication mode="Forms">

      <forms enableCrossAppRedirects="true" />







      validationKey="61A8E04A146AFFAB81B6AD19654F99EA7370807F18F5002725DAB98B8EFD19C711337..." />






Sub Page_Load()

  Dim cookieName As String = FormsAuthentication.FormsCookieName

  Dim cookieValue As String = FormsAuthentication.GetAuthCookie(User.Identity.Name, False).Value

  lnkOtherDomain.NavigateUrl &= String.Format("?{0}={1}", cookieName, cookieValue)

End Sub


<html xmlns="" >

<head id="Head1" runat="server">



    <form id="form1" runat="server">





        Text="Link to Other Domain"


        Runat="server" />








Hope this helps.



Arun Manglick


Disclaimer: The information contained in this message may be privileged, confidential, and protected from disclosure. If you are not the intended recipient, or an employee, or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.

No comments:

Post a Comment