Olle Lind

Reputation: 751

Using Forms authentication cross domain

Here is our problem. We have built an MVC Web-api that uses Forms authentication with cookies to handle sessions. When we use our front-end webpage on the same domain (localhost or web-server) as the web-api, all works fine. (We use jQuery $.get and $.post to communicate with the web-api.)

However, in the future the front-end is supposed to be a standalone HTML5 app, not located on the same domain as the web-api. Unfortunately, this isn't working.

The web-api does return an authentication cookie to the client, BUT the cookie isn't brought back to the web-api when the front-end sends its requests. When both web-api and front-end are on the same domain, the cookie is automatically sent with the request.

We've tried setting "Access-Control-Allow-Origin: *" and "Access-Control-Allow-Authentication: true" in the web-api webconfig file.

Upvotes: 6

Views: 4664

Answers (1)

Rajeesh

Reputation: 4485

What you need is a single sign-on (SSO) feature.

The browser will only send cookies to the same domain; that is the reason why it was not working when the applications are located on different domains.

There is a nice article on CodeProject on implementing SSO in ASP.NET: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic. It applies to ASP.NET MVC too.

Upvotes: 4
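
Added example, not part of the question or the answer: a small JavaScript model of the checks a browser applies before it accepts a cookie-bearing cross-origin XHR response, run against the header set quoted in the question and against a corrected set. The function name, origins and cookie values are constructed for illustration.

```javascript
// Added example. Function name, origins and cookie values are constructed.
// Client side, jQuery must also opt in: $.ajax({ xhrFields: { withCredentials: true } })
function credentialedCorsProblems(pageOrigin, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim(); // header names are case-insensitive
  }
  const problems = [];
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    problems.push('no Access-Control-Allow-Origin header');
  } else if (allowOrigin === '*') {
    problems.push('wildcard origin is rejected for credentialed requests');
  } else if (allowOrigin !== pageOrigin) {
    problems.push('allowed origin does not match the page origin');
  }
  // The value must be the exact, case-sensitive string "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials: true is missing');
  }
  // Chromium-based browsers treat a cookie without SameSite as Lax, and Lax
  // cookies are not sent on cross-site XHR; SameSite=None also requires Secure.
  if (h['set-cookie'] !== undefined) {
    const attrs = h['set-cookie'].split(';').slice(1).map(a => a.trim().toLowerCase());
    if (!attrs.includes('samesite=none')) problems.push('cookie is not SameSite=None');
    if (!attrs.includes('secure')) problems.push('cookie is not Secure');
  }
  return problems;
}

// Constructed response headers: first as described in the question, then corrected.
const asInQuestion = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Authentication': 'true',
  'Set-Cookie': '.ASPXAUTH=CONSTRUCTED; path=/; HttpOnly',
};
const corrected = {
  'Access-Control-Allow-Origin': 'https://app.example',
  'Access-Control-Allow-Credentials': 'true',
  'Set-Cookie': '.ASPXAUTH=CONSTRUCTED; path=/; HttpOnly; Secure; SameSite=None',
};
console.log(credentialedCorsProblems('https://app.example', asInQuestion));
console.log(credentialedCorsProblems('https://app.example', corrected));
```

On the server, the allowed origin should come from a fixed allow-list rather than being echoed from the request's Origin header, since echoing it with credentials enabled lets any site read authenticated responses.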
