ASP 2.0 Membership API


timdennis30

I am wondering how to create a security framework for all our web
applications. Is it possible to create a single forms authentication
(cookieless) setting for multiple web applications and web config
files? For example, I want the security web site on our webserver to
serve as a portal for other sites on our server. Example:

www.myFirstWebApp.com
web.config <forms loginUrl="www.myCentralLogin.com/login.aspx ">


www.mySecondWebApp.com
web.config <forms loginUrl="www.myCentralLogin.com/login.aspx ">


Both sites would authenticate using the central login web site. Is
this possible if the websites are in different virtual directories or
possibly different web servers?


Thanks
 
For the most part, ASP.NET application security is configured in the
web.config and declared in several locations throughout the file.
The page declaration for example is where you would set support for
cookieless authentication which results in the Session ID being written into
the URL of the page. Showing the Session ID in the URL doesn't sit well with
me and we have to take an extra step to learn to encode or encrypt that
value if we really want to expect a reasonably well defended attack surface.

And yes, it is not only possible to write a single form which may be used to
authenticate multiple web applications it has become incredibly simple. I
mean simple as in something like six steps. That's -- after -- the
web.config file is written to enable the use of the ASP.NET 2.0 Membership,
Roles and Profiles which function together systematically and which is how
you can use that single form to authenticate across application boundaries.
It's all about your mastery of OO principles which IMO are best applied using
C#.

<%= Clinton Gallagher
NET csgallagher AT metromilwaukee.com
URL http://clintongallagher.metromilwaukee.com/
 
Both sites would authenticate using the central login web site. Is
this possible if the websites are in different virtual directories or
possibly different web servers?

If you use the AspNetSqlMembershipProvider, the easiest (simplest) would
probably be to let the web applications share the membership database.

Rune
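
The shared-database approach from the reply above, as an added example (not part of the original thread and not any poster's configuration): a web.config fragment that each application would carry so it uses one membership database and accepts the forms authentication ticket issued by the central login site. The connection string, cookie name, provider name and key values are placeholders, and the https:// scheme on loginUrl is an assumption.

```xml
<!-- Added example: repeat this fragment in the web.config of every
     participating application, including the central login site.
     Server, database, cookie and key values are placeholders. -->
<configuration>
  <connectionStrings>
    <!-- One membership database shared by every application (assumed names). -->
    <add name="SharedMembership"
         connectionString="Data Source=DBSERVER;Initial Catalog=aspnetdb;Integrated Security=SSPI"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <!-- name, protection and path must match in every application so a
           ticket issued by the login site is accepted by the others. -->
      <forms name=".SHAREDAUTH"
             loginUrl="https://www.myCentralLogin.com/login.aspx"
             protection="All"
             path="/"
             timeout="20"
             requireSSL="true"
             enableCrossAppRedirects="true" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
    <!-- Identical explicit keys everywhere. The default AutoGenerate,IsolateApps
         gives each application its own keys, so a ticket from the login site
         would fail validation in the other applications. -->
    <machineKey validationKey="PLACEHOLDER_GENERATED_HEX_KEY"
                decryptionKey="PLACEHOLDER_GENERATED_HEX_KEY"
                validation="SHA1"
                decryption="AES" />
    <membership defaultProvider="SharedSqlMembership">
      <providers>
        <clear />
        <!-- Same applicationName in every web.config: the provider scopes
             users by this value, not only by database. -->
        <add name="SharedSqlMembership"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="SharedMembership"
             applicationName="/"
             passwordFormat="Hashed" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

The machineKey values are secrets: anyone who holds them can forge tickets for every application that shares them, so generate them randomly and restrict who can read the web.config files.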
 
