locked
One session for the same site RRS feed

  • Question

  • User-383078022 posted

    Hi,

    I use ASP.NET MVC 4 and for authenticate a user, i use too simpleMembership with "webSecurity"

    also like this "WebSecurity.Login(model.Email, model.Password, persistCookie: model.RememberMe)"

    But, the problem is :

    my server has two domain name like www.csharp.com and www.c.com so two domain for the same site on the same server...

    and if i authenticate on www.csharp.com, i'm not authenticate on www.c.com

    How i can keep my session ?

    Thank you for advance, i need your help !

    Thursday, October 25, 2012 2:35 PM

Answers

All replies

  • User1779161005 posted

    If they are different domains then you can't. Browsers won't share the authentication cookie across two different domains. If one is a subdomain of the other, then this can be configured via the <forms domain> setting in web.config and then you'd also have to sync the <machineKey> element.

    Thursday, October 25, 2012 3:01 PM
  • User2117486576 posted

    @BrockAllen

    Isn't there a Single Sign On solution that would work.  I have never worked with one myself (and frankly my eyes glaze over when I start reading about it) but I thought they worked.

    http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic

    Does this not apply to this issue?

    Thursday, October 25, 2012 3:33 PM
  • User1779161005 posted

    Single sign on would allow the user to be logged into two domains at once, but you still have a separate cookie for each (plus another cookie for the identity provider domain).

    Thursday, October 25, 2012 3:37 PM
  • User-383078022 posted

    Thank you ! Yeah but i think that a big fonctionalities for a little problem...

    i use a area in the same project and each area use a domain name because i have many same fonctionalities... look like this :

    localhost/c#/entreprise = www.c#.com/entreprise

    localhost/c/entreprise = www.c.com/entreprise

    entreprise.aspx = it's the same for www.c#.com and www.c.com

    but i can have www.c#.com/listc# and www.c.com/listc and of course, listc and listc# are not the same...

    With SSO i don't know if i can apply this with aera...

    i don't like use sso whereas it's the same application ... i find this a little ridiculous... Not ?

    It's gangnam style authentification for the real utility... 

    Thursday, October 25, 2012 4:36 PM
  • User1779161005 posted

    Thank you ! Yeah but i think that a big fonctionalities for a little problem...

    It might be a little problem, but it's the problem you face :)

    This is just how browsers and HTTP work with cookies. A SSO solution is how we deal with this problem.

    Thursday, October 25, 2012 9:38 PM
  • User-383078022 posted
    Yeah, you re right.. Thank you. I search an another solution but sso is more standard than another solution on the web. Do you know an example on asp.net mvc with sso ?
    Thursday, October 25, 2012 10:34 PM
  • User1779161005 posted

    Yeah, you re right.. Thank you. I search an another solution but sso is more standard than another solution on the web. Do you know an example on asp.net mvc with sso ?

    What do you want to use as identity providers? AD? Google? Facebook?

    Thursday, October 25, 2012 10:37 PM
  • User-383078022 posted
    Because it's a professional application and the client don't want this provider :(
    Thursday, October 25, 2012 10:41 PM
  • User1779161005 posted

    Because it's a professional application and the client don't want this provider :(

    That's fine -- but *which* do they want? A custom one? Or windows active directory?

    Thursday, October 25, 2012 11:15 PM
  • User-383078022 posted
    custom.. Do you know a tutorial with asp.net mvc ?
    Thursday, October 25, 2012 11:21 PM
  • User1779161005 posted

    This is the only one i know of that supports a custom DB:

    http://thinktecture.github.com/Thinktecture.IdentityServer.v2/

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, October 25, 2012 11:28 PM
  • User-383078022 posted
    Thank you for your participation.
    Thursday, October 25, 2012 11:35 PM