There are various ways
to use Single Sign On (SSO) in asp.net web application. We can use cookies,
session (state server), SAML and web services etc. Now we would like to give a
brief overview of how to use cookie to implement Single Sign on(SSO) in asp.net
web application.
Assume that we have
two web application hosted on different virtual directory but under same
domain. As for example, our root domain is:
http://www.cookietest.com
and
Other two virtual
directory hosted under this domain are
http://www.cookietest.com/cookiesite1/Login.aspx
http://www.cookietest.com/cookiesite2/Default.aspx
If we login
successfully in cookiesite1 then it writes the login information in cookie and
now opens another tab or a new window in same browser (IE, FF whatever you
like).
Place this address http://www.cookietest.com/cookiesite2/Default.aspx
in
address bar logged in automatically in cookiesite2.
When we try to access in
cookiesite2 -> Default.aspx it checks the login information from cookie. If
desired value found in cookie then you logged in automatically. Remember you
need to enable cookie in your browser for all of these activities.
Configuration:
1. Web.Config
Before coding we need
to some configure in our web.config file. Though cookiesite1 and cookiesite2
are in different virtual directory their web.config file must contains the same
machine validationKey, decryptionKey and validation.
Like this,
<machineKeyvalidationKey="282487E295028E59B8F411ACB689CCD6F39DDD21E6055A3EE480424315994760A
DF21B580D8587DB675FA02F79167413044E25309CCCDB647174D5B3D0DD9141"
decryptionKey="8B6697227CBCA902B1A0925D40FAA00B353F2DF4359D2099"
validation="SHA1" />
DF21B580D8587DB675FA02F79167413044E25309CCCDB647174D5B3D0DD9141"
decryptionKey="8B6697227CBCA902B1A0925D40FAA00B353F2DF4359D2099"
validation="SHA1" />
2. IIS
In IIS->Directory security tab add the "ASPNET Machine
Account" user and set the full rights.
Coding:
Write cookie after login complete:
Place this code in cookiesite1->Login.aspx.cs
if (login_Successful)
{
//Create a new cookie, passing the
name into the constructor
HttpCookie cookie = new HttpCookie("strCookieName");
//Set the cookies value
cookie.Value ="set_cookie_value";
//Set the cookie to expire in 5
minute
DateTime dtNow = DateTime.Now;
TimeSpan tsMinute = new TimeSpan(0, 0, 5, 0);
cookie.Expires = dtNow + tsMinute;
//Add the cookie
Response.Cookies.Add(cookie);
Response.Write("Cookie written. ");
}
Check cookie exist or not on page_load
Place this code in
cookiesite2->Default.aspx.cs
protected void Page_Load(object sender, EventArgs e)
{
//Grab the cookie
HttpCookie cookie =
Request.Cookies["strCookieName"];
//Check to make sure the cookie
exists
if (cookie != null)
{
ReadCookie();
}
else
{
lblCookie.Text = "Cookie
not found. ";
}
}
Read cookie when page load:
Add this method in cookiesite2->Default.aspx.cs
protected void ReadCookie()
{
//Get the cookie name the user
entered
//Grab the cookie
HttpCookie cookie =
Request.Cookies["strCookieName"];
//Check to make sure the cookie
exists
if (cookie == null)
{
lblCookie.Text = "Cookie
not found. ";
}
else
{
//Write the cookie value
String strCookieValue
= cookie.Value.ToString();
lblCookie.Text = "The
cookie contains: " + strCookieValue + "";
}
}
Test the application under localhost/or under your domain..
No comments:
Post a Comment