Single Sign-On in ASP.NET


Introduction: Single Sign-On (SSO) is the concept where a user can access multiple applications after logging in only once.

Description: Here I explain SSO with some examples.

If we have multiple applications on the same domain, e.g.

etc.

These are all different applications configured on the same domain (mycompany.com), each with its own login functionality but sharing one user table (registered users). SSO lets a user who has logged into one of them use the features of the others without logging in again.

How to achieve this?

It's very simple once we enter the cookie world: SSO can be achieved with the help of cookies. ASP.NET forms authentication already keeps the logged-in user in an encrypted and signed cookie; to share that login across applications, all of them must use the same cookie name, the same machineKey (so every application can decrypt and validate a ticket issued by another one) and a cookie domain that covers every host involved.

Step I: Use forms authentication; the <authentication> section of web.config should look like the one below

<authentication mode="Forms">

<forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60" slidingExpiration="true"/>

</authentication>

name: the cookie name, which must be identical in every application's web.config. timeout: ticket lifetime in minutes, set according to your requirement. Two attributes worth adding on a production site: requireSSL="true", so the browser only sends the cookie over HTTPS, and protection="All" (the default), so the ticket is both encrypted and signed.

Step II: The machineKey must be the same in all the applications, because each one decrypts and validates tickets that another one issued. See the sample <machineKey> element below (sample values only; never reuse them)

<machineKey validationKey="6F91D67AF10322DDB2D42B29DE57C7064BD2D96C3F859D67C0D2B45F0A590E0D03912FF8DF9C43CA76E41EA432A1C219AAD7B7F0ADB81B10C0BE05F538FA9A4A" decryptionKey="2348D574C1421373A8C3F0D3A9118C15754E08A73EF2BB9A" validation="SHA1" />

For generating the machine key I have listed some sample sites and screen shots below. Treat them as illustrations only: a key produced by a third-party web page may have been logged by that site, and whoever holds the validationKey and decryptionKey can forge a valid ticket for every application that shares them. Generate production keys locally (the Machine Key feature in IIS Manager, or a few lines of code using the operating system's random number generator), keep them out of source control, and on .NET 4 or later prefer validation="HMACSHA256" over the SHA1 shown in the sample.

http://aspnetresources.com/tools/keycreator.aspx

http://www.codeproject.com/KB/aspnet/machineKey.aspx

http://www.developmentnow.com/articles/machinekey_generator.aspx

Please follow the below link to know more about machine Key

http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx
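A machineKey can be generated locally in a few lines. The following is an added example, not code from the original post or from the sites listed above. It produces a validationKey of 64 random bytes (128 hex characters, the same length as the sample) and a decryptionKey of 32 bytes for AES-256, both from the operating system's cryptographic random number generator, and prints an element ready to paste into every application's web.config:

```csharp
// Added example: generate a <machineKey> element locally instead of pasting keys
// from a third-party web page. Run once, paste the output into each web.config.
using System;
using System.Security.Cryptography;
using System.Text;

static class MachineKeyGenerator
{
    // Fill a buffer from the OS cryptographic random number generator.
    static byte[] RandomBytes(int length)
    {
        var buffer = new byte[length];
        using (var rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(buffer);
        }
        return buffer;
    }

    // machineKey attributes expect upper-case hex.
    static string ToHex(byte[] bytes)
    {
        var sb = new StringBuilder(bytes.Length * 2);
        foreach (byte b in bytes)
        {
            sb.AppendFormat("{0:X2}", b);
        }
        return sb.ToString();
    }

    // 64-byte validation key (ASP.NET accepts 20 to 128 bytes) for HMACSHA256,
    // 32-byte decryption key for AES-256.
    public static string BuildMachineKeyElement()
    {
        string validationKey = ToHex(RandomBytes(64));
        string decryptionKey = ToHex(RandomBytes(32));
        return string.Format(
            "<machineKey validationKey=\"{0}\" decryptionKey=\"{1}\" validation=\"HMACSHA256\" decryption=\"AES\" />",
            validationKey, decryptionKey);
    }

    static void Main()
    {
        Console.WriteLine(BuildMachineKeyElement());
    }
}
```

Copy the printed element into every application's web.config unchanged; if even one character differs, that application will reject tickets issued by the others.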

Step III: Issue the cookie after log-in from the main application. You can use the code below to achieve this

// Create the forms-authentication ticket for the user name; this is common to both applications
// and is required for the Single Sign On functionality.
FormsAuthenticationTicket fat = new FormsAuthenticationTicket(
    1,                          // ticket version
    Username,                   // user name; becomes User.Identity.Name in every application
    DateTime.Now,               // issue date
    DateTime.Now.AddHours(1),   // expiration
    true,                       // persistent cookie
    "");                        // userData, left empty here

// Encrypt and sign the ticket with the shared machineKey and send it as the forms cookie.
HttpCookie cookie = new HttpCookie(".ASPXFORMSAUTH");
cookie.Value = FormsAuthentication.Encrypt(fat);
cookie.Expires = fat.Expiration;
HttpContext.Current.Response.Cookies.Add(cookie);

Here I have issued a cookie named .ASPXFORMSAUTH. Remember that this is the cookie name configured in every application's web.config, so the FormsAuthenticationModule of each application picks it up and, because the machineKey is shared, can decrypt and validate it.

This cookie is now shared among the applications. Suppose we also want some other cookie, e.g. to show the user's full name at the top of the page, and it should be the same across the applications after logging in.

In this case we create a cookie like below

// Create a cookie for the user's full name.
// This is required to display the same name in the welcome note on top.
HttpCookie fullNameCookie = new HttpCookie("fullname");
fullNameCookie.Value = UserFullName;
fullNameCookie.Expires = cookie.Expires;   // same lifetime as the forms cookie issued above
HttpContext.Current.Response.Cookies.Add(fullNameCookie);

After issuing the cookie you can read it back as below

HttpCookie userFullnameCookie = HttpContext.Current.Request.Cookies["fullname"];
if (userFullnameCookie != null)
{
    // The value is plain text under the browser's control, so HTML-encode it before rendering.
    userNameLabel.Text = HttpUtility.HtmlEncode(userFullnameCookie.Value);
}

You might think of putting the full name into the cookie we already issued (.ASPXFORMSAUTH) instead of adding a second one. It can be done: the last constructor argument of FormsAuthenticationTicket (userData, left as "" above) travels inside the encrypted and signed ticket and can be read back from the FormsIdentity of the authenticated user. Here I went with a plain cookie instead, which is simpler but means the value is client-controlled: use it for display only, never for an authorization decision.

Hello... is this going to work in all situations? Not quite. :))

What is the issue?

The issue is the domain name and www. When you have logged in at mycompany.com, the cookie is not sent to www.mycompany.com, because a cookie set without an explicit Domain is scoped to the exact host that issued it.

So to fix this issue we need to set the domain on the cookie like below

// Create the forms-authentication ticket for the user name; this is common to both applications
// and is required for the Single Sign On functionality.
FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1, Username, DateTime.Now, DateTime.Now.AddHours(1), true, "");

HttpCookie cookie = new HttpCookie(".ASPXFORMSAUTH");
cookie.Value = FormsAuthentication.Encrypt(fat);

// Scope the cookie to the whole domain so the browser sends it to mycompany.com and every subdomain.
cookie.Domain = ".mycompany.com";

cookie.Expires = fat.Expiration;
HttpContext.Current.Response.Cookies.Add(cookie);

It should be the bare domain name with a leading dot (.mycompany.com), not a host name. The fullname cookie needs the same Domain, otherwise it will still be missing on the other hosts. Alternatively, set the domain once in web.config with the domain attribute of <forms> and read it through FormsAuthentication.CookieDomain, so code and configuration cannot drift apart.
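Putting Steps I to III, the full-name requirement and the domain fix together, here is an added example of the issuing side and the consuming side; it is not the post's original code. It assumes the cookie name .ASPXFORMSAUTH and the domain .mycompany.com from the post, and assumes the applications are served over HTTPS. The full name travels inside the ticket's userData rather than in a plain cookie, so it is encrypted and signed together with the user name, and each application reads it through the FormsIdentity that FormsAuthenticationModule has already validated:

```csharp
// Added example (not from the original post): issuing and consuming a shared forms ticket.
using System;
using System.Web;
using System.Web.Security;

public static class SsoCookies
{
    // Assumed values matching the post's configuration; adjust for your deployment.
    const string CookieName = ".ASPXFORMSAUTH";   // must equal <forms name="..."> in every web.config
    const string CookieDomain = ".mycompany.com"; // leading dot: mycompany.com and all its subdomains

    // Issuing side: call from the main application's login page after the credentials
    // have been verified against the shared user table.
    public static HttpCookie IssueSsoCookie(HttpResponse response, string userName, string userFullName)
    {
        var ticket = new FormsAuthenticationTicket(
            1,                              // ticket version
            userName,                       // becomes User.Identity.Name in every application
            DateTime.Now,                   // issue time
            DateTime.Now.AddHours(1),       // expiry, checked by FormsAuthenticationModule on each request
            false,                          // not persistent: dies with the browser session
            userFullName ?? string.Empty,   // userData: encrypted and signed with the rest of the ticket
            FormsAuthentication.FormsCookiePath);

        // Encrypt() uses the machineKey, which is why it must be identical in all applications.
        var cookie = new HttpCookie(CookieName, FormsAuthentication.Encrypt(ticket))
        {
            Domain = CookieDomain,
            Path = FormsAuthentication.FormsCookiePath,
            HttpOnly = true,   // not readable from script, so an XSS bug on one subdomain cannot read it
            Secure = true      // only sent over HTTPS
        };
        // No Expires is set, so this is a session cookie; the ticket carries its own expiry.
        response.Cookies.Add(cookie);
        return cookie;
    }

    // Consuming side: any application that shares the machineKey and cookie name.
    // By the time page code runs, FormsAuthenticationModule has decrypted the cookie,
    // checked its signature and expiry, and set context.User to a FormsIdentity.
    public static string GetDisplayName(HttpContext context)
    {
        var identity = context.User == null ? null : context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated)
        {
            return null;
        }

        FormsAuthenticationTicket ticket = identity.Ticket;
        string name = string.IsNullOrEmpty(ticket.UserData) ? ticket.Name : ticket.UserData;

        // Full names are user-supplied data; encode before writing them into the welcome label.
        return HttpUtility.HtmlEncode(name);
    }

    // Sign-out must clear the cookie with the same Domain and Path it was issued with,
    // otherwise the browser keeps the original and the user stays logged in everywhere.
    public static void RemoveSsoCookie(HttpResponse response)
    {
        var expired = new HttpCookie(CookieName, string.Empty)
        {
            Domain = CookieDomain,
            Path = FormsAuthentication.FormsCookiePath,
            Expires = DateTime.Now.AddDays(-1)
        };
        response.Cookies.Add(expired);
    }
}
```

On the consuming page the welcome label becomes userNameLabel.Text = SsoCookies.GetDisplayName(HttpContext.Current); with no separate fullname cookie to read. The matching configuration in every application is <forms name=".ASPXFORMSAUTH" domain=".mycompany.com" requireSSL="true" .../> plus the shared <machineKey>; with the domain in web.config, FormsAuthentication.SignOut() also clears the cookie with the right scope.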

Now it looks complete. Great job!

It will now work for the domains below, and for every other subdomain such as www.mycompany.com. Keep the flip side in mind: every host under mycompany.com receives the login cookie, so a script-injection flaw on any one of them, or a subdomain you do not control, exposes the login for all of them. Mark the cookie HttpOnly and Secure, and keep the cookie domain as narrow as the set of applications allows.

  • mycompany.com
  • subdomain.mycompany.com

Thank You for reading this article.

With Personal Regards

Swagat
