Diver Dan

Reputation: 9963

Create an ASP.NET authenticated cookie on one site for another

I have 3 MVC4 sites. Site 1 'www.mydomain.com' is a marketing site that allows a user to create an account.

Site 2 'https://businessnamewhatever.mydoman.com' is used for the business to log in and use the available features.

Site 3 is a WebApi project, 'https://api.mydomain.com'.

After creating an account within the marketing site (the account is created via a call to the WebApi) I want to redirect them to the 2nd site, automatically logging them in.

Both of the sites have forms authentication set up, and both use their own cookie names set within the web.config authentication section.

Within my marketing site, after calling the API, I need to set the auth cookie that will allow the user to automatically log into site 2.

I thought it would just be a case of using, from within my marketing site:

FormsAuthentication.SetAuthCookie(userName, true,"the name of my cookie on site 2");

My 2nd idea was to do a dirty redirect like:

   var url = string.Format("https://{0}.mydomain.com/account/sign-in?userName={1}&password={2}", model.BusinessName, model.BusinessName, model.Password);
   return Redirect(url);

However, the redirect never happens. Looking in the network tab I can see the response, and if I click on it I am redirected to the site correctly.

Is there a better way to be doing this?

Update

SORRY! I forgot to mention I have a 3rd application working as my API.

I have updated all of the web.configs as suggested by Kenneth, adding the same machine key and domain name in the authentication settings.

After I have called the create user method within the marketing site, should I be trying to set the cookie there, or should I be doing something else?

Upvotes: 1

Views: 461

Answers (2)

devstuff

Reputation: 8387

Firstly, I'm assuming both products are on separate domains (otherwise you can refer to @Kenneth's answer), and that you can make changes to the source code of both sites.

  • After the account has been created on the marketing site, from the server side send a POST (use SSL for security) to the business site containing the user name, password hash, and a redirect-back-to-marketing URL.
  • The business site stores these values (as appropriate), then responds with a one-time-use URL for redirecting the client browser, which is only valid for a short time (say 1 or 2 minutes).
  • The marketing site sends that URL to the client as a 302 redirect.
  • The client browser redirects to the business site.
  • The business site validates the URL, ensuring that it hasn't expired.
  • The business site redirects the browser back to the redirect-back-to-marketing URL. Include any authentication cookies in this response.

If a validation error occurs (e.g. timeout, or invalid parameters) then the business site should redirect to a predefined URL on the marketing site.

Upvotes: 1
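The handoff above, written out as an added example (this is not code from the question or from devstuff's answer, and it deliberately avoids System.Web so it runs as a console program). The business site issues a short-lived, single-use token over the server-to-server call, the browser carries only that token in the 302, and the business site redeems it exactly once before calling `FormsAuthentication.SetAuthCookie` for the user. The in-memory nonce store, the 256-bit key, the two-minute lifetime and the host/user names are assumptions; behind a web farm the nonce store must be shared (database or cache), not per-process.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Added example: one-time handoff token for the marketing -> business sign-in flow.
public sealed class HandoffTokenService
{
    private readonly byte[] _key;                    // held only by the business site
    private readonly Func<DateTime> _clock;
    // nonce -> issued; removed on first redemption so a replayed URL is refused
    private readonly ConcurrentDictionary<string, byte> _unused =
        new ConcurrentDictionary<string, byte>();

    public HandoffTokenService(byte[] key, Func<DateTime> clock = null)
    {
        if (key == null || key.Length < 32) throw new ArgumentException("use a 256-bit key", "key");
        _key = key;
        _clock = clock ?? (() => DateTime.UtcNow);
    }

    // Business site: called from the endpoint the marketing site POSTs to over TLS.
    // Only the user name goes into the token; the password hash never reaches the browser.
    public string Issue(string userName, TimeSpan ttl)
    {
        var nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        string nonceHex = BitConverter.ToString(nonce).Replace("-", "");
        long expiresTicks = _clock().Add(ttl).Ticks;
        string payload = nonceHex + "|" + expiresTicks + "|" + userName;
        _unused[nonceHex] = 0;
        return Base64Url(Encoding.UTF8.GetBytes(payload)) + "." + Base64Url(Mac(payload));
    }

    // Business site: called from the action the browser is redirected to.
    // Returns true at most once per token, and only before the token expires.
    public bool TryRedeem(string token, out string userName)
    {
        userName = null;
        int dot = token == null ? -1 : token.IndexOf('.');
        if (dot <= 0) return false;
        byte[] payloadBytes, sig;
        try
        {
            payloadBytes = FromBase64Url(token.Substring(0, dot));
            sig = FromBase64Url(token.Substring(dot + 1));
        }
        catch (FormatException) { return false; }

        string payload = Encoding.UTF8.GetString(payloadBytes);
        if (!FixedTimeEquals(Mac(payload), sig)) return false;        // verify before parsing
        string[] parts = payload.Split(new[] { '|' }, 3);
        long expiresTicks;
        if (parts.Length != 3 || !long.TryParse(parts[1], out expiresTicks)) return false;
        if (_clock().Ticks > expiresTicks) return false;               // expired
        byte ignored;
        if (!_unused.TryRemove(parts[0], out ignored)) return false;   // replayed or never issued
        userName = parts[2];
        return true;
    }

    private byte[] Mac(string payload)
    {
        using (var h = new HMACSHA256(_key)) return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Constant-time compare; CryptographicOperations.FixedTimeEquals is not in .NET Framework 4.x.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    private static string Base64Url(byte[] data)
    {
        return Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    private static byte[] FromBase64Url(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='));
    }
}

public static class HandoffDemo
{
    public static void Main()
    {
        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        var businessSite = new HandoffTokenService(key);

        // Marketing site creates the account, POSTs to the business site, and gets the one-time URL.
        string token = businessSite.Issue("businessnamewhatever", TimeSpan.FromMinutes(2));
        string oneTimeUrl = "https://businessnamewhatever.mydomain.com/account/handoff?t="
                            + Uri.EscapeDataString(token);
        Console.WriteLine("302 Location: " + oneTimeUrl);     // what the marketing site returns

        // Browser follows it; the business site redeems once, sets its own auth cookie, redirects on.
        string user;
        Console.WriteLine(businessSite.TryRedeem(token, out user) ? "signed in: " + user : "rejected");
        Console.WriteLine(businessSite.TryRedeem(token, out user) ? "replay accepted (bug)" : "replay rejected");
        string tampered = (token[0] == 'A' ? 'B' : 'A') + token.Substring(1);   // altered payload
        Console.WriteLine(businessSite.TryRedeem(tampered, out user) ? "tamper accepted (bug)" : "tamper rejected");
    }
}
```

Two design points worth keeping when wiring this into MVC: the MAC is checked before any field of the payload is parsed, so a forged token is rejected without touching the nonce store, and the nonce is consumed with a single atomic `TryRemove`, so two browsers racing on the same URL cannot both be signed in.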

Kenneth Ito

Reputation: 5261

If the 2 sites share a root domain, i.e. site1.yourdomain.com and site2.yourdomain.com, you should be able to set the machineKey and shared domain in order to allow both sites to access the auth ticket.

Details here: http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx

Upvotes: 1
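The configuration this answer refers to, as an added example (not from the answer or the question) of what has to be identical in the web.config of every site under mydomain.com. The cookie name, key placeholders, login URL and timeout are assumptions. Note that the question says each site currently uses its own cookie name; for the ticket to be shared, the `name` and `domain` of the `<forms>` element must match on every site, and the `<machineKey>` values must match so that the ticket one site encrypts and signs can be decrypted and validated by the other.

```xml
<!-- Added example: identical <machineKey> and <forms> settings on www, *.mydomain.com and api. -->
<configuration>
  <system.web>
    <!-- Generate real keys once and paste the same values into every site's web.config. -->
    <machineKey validationKey="REPLACE-WITH-ONE-SHARED-VALIDATION-KEY"
                decryptionKey="REPLACE-WITH-ONE-SHARED-DECRYPTION-KEY"
                validation="HMACSHA256"
                decryption="AES" />
    <authentication mode="Forms">
      <!-- Same cookie name everywhere; a leading dot on the domain makes every subdomain receive it. -->
      <forms name=".MYDOMAINAUTH"
             domain=".mydomain.com"
             loginUrl="~/account/sign-in"
             protection="All"
             requireSSL="true"
             timeout="30"
             slidingExpiration="true" />
    </authentication>
  </system.web>
</configuration>
```

With this in place the marketing site can simply call `FormsAuthentication.SetAuthCookie(userName, true)` after the API call and the business subdomain will read the same cookie; the three-argument overload used in the question takes a cookie path as its third parameter, not a cookie name. Two caveats: `requireSSL="true"` means the browser only sends the cookie over HTTPS and ASP.NET refuses to issue it from a non-HTTPS request, so the marketing site at www.mydomain.com must itself be served over HTTPS; and because the cookie is now accepted by every host under mydomain.com, a cookie-setting bug on any one subdomain becomes a sign-in for all of them.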
