locked
Session Issue: Multiple Domain Extensions (.com and .tv) with a single web.config authentication:forms element RRS feed

  • Question

  • User1536017783 posted

    I'm maintaining an application that must take two different domains each having a different Domain Extension (example: .com & .tv). My web.config looks sometime like this.

    <authentication mode="Forms">

    <forms name=".myAuth" domain=".mysite.com" loginUrl="signin.aspx" timeout="888" requireSSL="false" />

    </authentication>

    The issue I'm facing is my sign-in process is only creating a session when signing in through mysite.com. If I were to sign-in through mysite.tv then no session is created. I've tried removing the domain property altogether in attempt to keep the process more generic, but that doesn't seem to help.

    So my question is, how can I have mysite.com and mysite.tv both use the same loginUrl and create sessions? 

    Thank you

    Thursday, March 22, 2018 5:56 AM

All replies

  • User283571144 posted

    Hi patweb99,

    As far as I know, if server generate a session, it will return a session id to the client browser.

    Client browser will store it in the cookie.

    Each time access the server, it will send this session id to server.

    Like this:

    But each domain will have its own cookie.

    So you couldn't access another domain session.

    More details about the how the session work, you could refer to below article.

    https://www.c-sharpcorner.com/UploadFile/3d39b4/introduction-to-Asp-Net-session/ 

    Here is a walk around, you could change the authration mode to signale sign on.

    More details, you could refer to below artice.

    https://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic 

    Best Regards,

    Brando

    Friday, March 23, 2018 6:59 AM
  • User1536017783 posted

    Hi Brando,

    Thanks for the prompt feedback! I don't think what you're suggesting will work for me. Let me explain a little further...

    The web.config entry...

    <forms name=".myAuth" domain=".mysite.com" loginUrl="signin.aspx" timeout="888" requireSSL="false" />

    ... IIS has both mysite.com and mysite.uk setup against a single IIS website. if I login through mysite.com everything works since the forms tag above correlates to the domain. But if I login to mysite.uk a session is never created unless I change the domain to mysite.uk. 

    I suppose I could create a second site with a modified version of the web.config file, but that doesn't feel right. Any other suggestions?

    Thanks again.

    Saturday, March 24, 2018 3:13 AM
  • User283571144 posted

    Hi patweb99,

    As far as I know, if we don't set the domain attribute in the form authentication, the application will work well with multiple domain.

    It could create session well.

    I have also created test demo on my side, it works well. 

    My test web.config:

        <authentication mode="Forms" >
          <forms loginUrl="Login.aspx"   defaultUrl="Dash_Board.aspx">
          </forms>
        </authentication>
        <authorization>
          <deny users="?" />
        </authorization>

    Test apsx:

            protected void Page_Load(object sender, EventArgs e)
            {
                if (Session["test"] != null)
                {
                    Label1.Text = Session["test"].ToString();
                }
            }
    
            protected void Button1_Click(object sender, EventArgs e)
            {
                Session["test"] = "Has Session";
            }

    Result:

    Best Regards,

    Brando

    Tuesday, March 27, 2018 8:56 AM