Reputation: 245
Quick question (and sorry if it's already been asked, I have looked but couldn't find it).
I have a webforms app which has a page that contains an iframe and serves up an MVC page.
I need to do the login authentication within the web app and to check in the MVC app that we are authenticated (I'm sure there are better ways, but sadly this is how it already is, it's not my job to change it).
I know of various fudges to make this work, but is there a nice/correct way to achieve this?
Thanks in advance
Daz
Upvotes: 2
Views: 2129
Reputation: 3796
Assuming that the WebForms and MVC apps are in separate solutions, but deployed to the same server:
1. Make sure that your authentication mechanism is using FormsAuthentication.
2. Place both the WebForms and MVC app on the same domain, i.e. example.com
3. Edit the Web.config of both the apps and set <system.web><machineKey> to the same value. You can generate machine key via http://www.insitesystems.com/services/machine-key-generator.html
   -- OR --
   leave out the machineKey of both the web.config to inherit from the parent web.config or machine.config on the server. (never tested this)
4. Use the same <membership> and <authentication> settings. Having same membership settings allows you to sign in from both the apps, since users' passwords are stored in the same database. Having same authentication settings ensures that the same authentication cookies get submitted no matter whether it is sent to WebForms or MVC.
5. Add the following to your MVC controllers to output P3P header to force IE to accept cookies inside the IFRAME. Please customize the value, as your privacy policy is very likely different from mine. See http://www.p3pwriter.com/LRN_111.asp for details. (Alternatively, put it inside a base Controller class and inherit it from all your controllers.)
    protected override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        // Send a P3P compact policy header so that IE accepts cookies set inside the IFRAME.
        filterContext.HttpContext.Response.AddHeader("P3P", @"CP=""CAO PSD OUR CUR""");
        base.OnActionExecuted(filterContext);
    }
Edit
On 2nd thought, step 5 is not needed, since both the main document and iframe come from the same domain. The cookies thus should be considered first party, rather than 3rd party (which gets blocked by IE).
Upvotes: 3
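A check for steps 3 and 4 of the answer above, as an added example that is not part of the original answer: this PowerShell function compares the machineKey and forms attributes of two Web.config documents and lists the ones that differ, since any mismatch stops one app from accepting the other's authentication cookie. The function name, the two sample configs and the placeholder key values are constructed for illustration.

```powershell
# Constructed sample configs; the key values are placeholders, not real keys.
$webFormsConfig = [xml]@'
<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_HEX" decryptionKey="PLACEHOLDER_DECRYPTION_KEY_HEX"
              validation="HMACSHA256" decryption="AES" />
  <authentication mode="Forms"><forms name=".ASPXAUTH" path="/" /></authentication>
</system.web></configuration>
'@
$mvcConfig = [xml]@'
<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_HEX" decryptionKey="PLACEHOLDER_DECRYPTION_KEY_HEX"
              validation="HMACSHA256" decryption="AES" />
  <authentication mode="Forms"><forms name=".MVCAUTH" path="/" /></authentication>
</system.web></configuration>
'@

# Hypothetical helper: returns one line per setting that differs between the two apps.
function Compare-SharedAuthConfig([xml]$First, [xml]$Second) {
    # Attributes that must match for both apps to issue and read the same cookie.
    $settings = [ordered]@{
        'machineKey'           = 'validationKey', 'decryptionKey', 'validation', 'decryption'
        'authentication/forms' = 'name', 'path', 'domain', 'protection'
    }
    $problems = @()
    foreach ($element in $settings.Keys) {
        $xpath = "/configuration/system.web/$element"
        $n1 = $First.SelectSingleNode($xpath)
        $n2 = $Second.SelectSingleNode($xpath)
        foreach ($attr in $settings[$element]) {
            # A missing element or attribute is treated as an empty value.
            $v1 = if ($null -ne $n1) { $n1.GetAttribute($attr) } else { '' }
            $v2 = if ($null -ne $n2) { $n2.GetAttribute($attr) } else { '' }
            if ($v1 -ne $v2) {
                # Report the setting name only, never the key material itself.
                $problems += "$element/@$attr differs"
            }
        }
    }
    return $problems
}

# The constructed samples differ only in the forms cookie name.
Compare-SharedAuthConfig $webFormsConfig $mvcConfig
```

To run it against deployed apps, load each file with [xml](Get-Content <path to Web.config>) in place of the inline samples.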