I'm currently developing a system with several webapps in ASP.NET/C#.
One of my website is used to login user : I will call this website
Webapp1.
Depending on the user attributes, I will send the user to an another
website (let's Webapp2 in my example), where I would like to login
automatically the user with the credentials entered in WebApp1.
I've tried the following code from Webapp1 :
Server.Transfer("URLofWebApp2");
But an error occured :
System.ArgumentException: Invalid path for child request
'URLofWebApp2'. A virtual path is expected. at
System.Web.HttpServerUtility.ExecuteInternal(Strin g path, TextWriter
writer, Boolean preserveForm) at
System.Web.HttpServerUtility.Transfer(String path, Boolean
preserveForm) at System.Web.HttpServerUtility.Transfer(String path) at
WebInterface_aur.Login.LoginButton_Click(Object sender, EventArgs e) in
y:\login.aspx.cs:line 116
It seams that Server.Transfer cannot be used between different
websites.
I don't want to pass the variables (credentials) by using the following
way for security aspect:
Response.Redirect("?URLofWebApp2name=" + UserName.Text + "+password=" +
Password.Text + "+domain=" + Domain.Text);
Anyone have an idea to solve this problem ?
Thank you
AurHere's a quick and dirty way:
In the web.config of both projects, change the authentication node to this:
<authentication mode="Forms">
<forms name="SampleAuth"
loginUrl="/TestWebApp2/Test.aspx"
slidingExpiration="true">
</forms>
</authentication
Change the loginUrl to be that of your login page. Then change the
authorization node in the web.config to be this:
<authorization>
<deny users="?" />
</authorization
In your login page, when you've authenticated the user, do this:
System.Web.Security.FormsAuthentication.RedirectFr omLoginPage("Andy", true);
Now, in your other applications (Webapp2 for example), you can get at the
username ("Andy" in this case), by using:
System.Web.HttpContext.Current.User.Identity.Name
I'd recommend reading up on forms authentication and security.
"aure_bobo@.yahoo.fr" wrote:
> Hi all,
> I'm currently developing a system with several webapps in ASP.NET/C#.
> One of my website is used to login user : I will call this website
> Webapp1.
> Depending on the user attributes, I will send the user to an another
> website (let's Webapp2 in my example), where I would like to login
> automatically the user with the credentials entered in WebApp1.
> I've tried the following code from Webapp1 :
> Server.Transfer("URLofWebApp2");
> But an error occured :
> System.ArgumentException: Invalid path for child request
> 'URLofWebApp2'. A virtual path is expected. at
> System.Web.HttpServerUtility.ExecuteInternal(Strin g path, TextWriter
> writer, Boolean preserveForm) at
> System.Web.HttpServerUtility.Transfer(String path, Boolean
> preserveForm) at System.Web.HttpServerUtility.Transfer(String path) at
> WebInterface_aur.Login.LoginButton_Click(Object sender, EventArgs e) in
> y:\login.aspx.cs:line 116
> It seams that Server.Transfer cannot be used between different
> websites.
> I don't want to pass the variables (credentials) by using the following
> way for security aspect:
> Response.Redirect("?URLofWebApp2name=" + UserName.Text + "+password=" +
> Password.Text + "+domain=" + Domain.Text);
> Anyone have an idea to solve this problem ?
> Thank you
> Auré
>
Oops, almost forgot an important part. You'll also need to change the
machinekey node in your machine.config to not generate different keys for
different apps. Basically change it to something like this:
<machineKey validationKey="357356792679345184568256876535689056434617489465"
decryptionKey="357356792679345184568256876535689056434617489465"
validation="SHA1"/
You'll want to provide your own values forthe keys. And like I said, read up
on the subject.
"Andy Luksic" wrote:
> Here's a quick and dirty way:
> In the web.config of both projects, change the authentication node to this:
> <authentication mode="Forms">
> <forms name="SampleAuth"
> loginUrl="/TestWebApp2/Test.aspx"
> slidingExpiration="true">
> </forms>
> </authentication>
> Change the loginUrl to be that of your login page. Then change the
> authorization node in the web.config to be this:
> <authorization>
> <deny users="?" />
> </authorization>
> In your login page, when you've authenticated the user, do this:
> System.Web.Security.FormsAuthentication.RedirectFr omLoginPage("Andy", true);
> Now, in your other applications (Webapp2 for example), you can get at the
> username ("Andy" in this case), by using:
> System.Web.HttpContext.Current.User.Identity.Name
>
> I'd recommend reading up on forms authentication and security.
>
> "aure_bobo@.yahoo.fr" wrote:
> > Hi all,
> > I'm currently developing a system with several webapps in ASP.NET/C#.
> > One of my website is used to login user : I will call this website
> > Webapp1.
> > Depending on the user attributes, I will send the user to an another
> > website (let's Webapp2 in my example), where I would like to login
> > automatically the user with the credentials entered in WebApp1.
> > I've tried the following code from Webapp1 :
> > Server.Transfer("URLofWebApp2");
> > But an error occured :
> > System.ArgumentException: Invalid path for child request
> > 'URLofWebApp2'. A virtual path is expected. at
> > System.Web.HttpServerUtility.ExecuteInternal(Strin g path, TextWriter
> > writer, Boolean preserveForm) at
> > System.Web.HttpServerUtility.Transfer(String path, Boolean
> > preserveForm) at System.Web.HttpServerUtility.Transfer(String path) at
> > WebInterface_aur.Login.LoginButton_Click(Object sender, EventArgs e) in
> > y:\login.aspx.cs:line 116
> > It seams that Server.Transfer cannot be used between different
> > websites.
> > I don't want to pass the variables (credentials) by using the following
> > way for security aspect:
> > Response.Redirect("?URLofWebApp2name=" + UserName.Text + "+password=" +
> > Password.Text + "+domain=" + Domain.Text);
> > Anyone have an idea to solve this problem ?
> > Thank you
> > Auré
Hi Andy,
Thank you for your answsers.
I will try your advices asap, but I've some questions and information
to add.
First of all, my WebApp1 is just a basic form where I'm going to check
if the user is belonging to the active directory and I retrieve his
group. Can I use C# ASP.NET forms authentication in this way ?
I don't have any machine.config file in my WebApps. Do I need to create
them ?
I'm using the Framework 1.1.
With your solution, do I use Response.Redirect or Server.Transfer to
launch my WebAppX ?
Thank you
Andy Luksic a crit :
> Oops, almost forgot an important part. You'll also need to change the
> machinekey node in your machine.config to not generate different keys for
> different apps. Basically change it to something like this:
> <machineKey validationKey="357356792679345184568256876535689056434617489465"
> decryptionKey="357356792679345184568256876535689056434617489465"
> validation="SHA1"/>
> You'll want to provide your own values forthe keys. And like I said, readup
> on the subject.
>
> "Andy Luksic" wrote:
> > Here's a quick and dirty way:
> > In the web.config of both projects, change the authentication node to this:
> > <authentication mode="Forms">
> > <forms name="SampleAuth"
> > loginUrl="/TestWebApp2/Test.aspx"
> > slidingExpiration="true">
> > </forms>
> > </authentication>
> > Change the loginUrl to be that of your login page. Then change the
> > authorization node in the web.config to be this:
> > <authorization>
> > <deny users="?" />
> > </authorization>
> > In your login page, when you've authenticated the user, do this:
> > System.Web.Security.FormsAuthentication.RedirectFr omLoginPage("Andy", true);
> > Now, in your other applications (Webapp2 for example), you can get at the
> > username ("Andy" in this case), by using:
> > System.Web.HttpContext.Current.User.Identity.Name
> > I'd recommend reading up on forms authentication and security.
> > "aure_bobo@.yahoo.fr" wrote:
> > > Hi all,
> > > > I'm currently developing a system with several webapps in ASP.NET/C#.
> > > > One of my website is used to login user : I will call this website
> > > Webapp1.
> > > > Depending on the user attributes, I will send the user to an another
> > > website (let's Webapp2 in my example), where I would like to login
> > > automatically the user with the credentials entered in WebApp1.
> > > > I've tried the following code from Webapp1 :
> > > Server.Transfer("URLofWebApp2");
> > > > But an error occured :
> > > System.ArgumentException: Invalid path for child request
> > > 'URLofWebApp2'. A virtual path is expected. at
> > > System.Web.HttpServerUtility.ExecuteInternal(Strin g path, TextWriter
> > > writer, Boolean preserveForm) at
> > > System.Web.HttpServerUtility.Transfer(String path, Boolean
> > > preserveForm) at System.Web.HttpServerUtility.Transfer(String path) at
> > > WebInterface_aur.Login.LoginButton_Click(Object sender, EventArgs e) in
> > > y:\login.aspx.cs:line 116
> > > > It seams that Server.Transfer cannot be used between different
> > > websites.
> > > > I don't want to pass the variables (credentials) by using the following
> > > way for security aspect:
> > > Response.Redirect("?URLofWebApp2name=" + UserName.Text + "+password=" +
> > > Password.Text + "+domain=" + Domain.Text);
> > > > Anyone have an idea to solve this problem ?
> > > Thank you
> > > Aur
> > >
>
> First of all, my WebApp1 is just a basic form where I'm going to check
> if the user is belonging to the active directory and I retrieve his
> group. Can I use C# ASP.NET forms authentication in this way ?
Yes, you can use AD to authenticate. I can't tell you how to do it off the
top of my head, but I'm sure if you Google it, you'll find some resources
that will help. At this point how you store and authenticate the user's
credentials is up to you.
> I don't have any machine.config file in my WebApps. Do I need to create
> them ?
> I'm using the Framework 1.1.
The machine.config file isn't in your application, it's a "one per machine"
type of file. Here's where mine is located:
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CONFIG\ machine.config
> With your solution, do I use Response.Redirect or Server.Transfer to
> launch my WebAppX ?
In my solution, when you user requests "/WebApp2/mypage.aspx", for example,
the config settings automatically take them to your login page in WebApp1 and
remembers the URL that they originally requested. Once you issue the
"System.Web.Security.FormsAuthentication.RedirectFr omLoginPage("Andy",
true);" command, they are taken to the page that they originally requested,
only this time they're authenticated.
yes you can use forms or even Windows Auth.
I blogged how to use a Role based Windows Auth here:-
http://spaces.msn.com/members/naijacoder/
Hope it helps
Patrick
"Andy Luksic" <AndyLuksic@.discussions.microsoft.com> wrote in message
news:FF2A68D3-124B-4ED0-92F1-179759A6B461@.microsoft.com...
> > First of all, my WebApp1 is just a basic form where I'm going to check
> > if the user is belonging to the active directory and I retrieve his
> > group. Can I use C# ASP.NET forms authentication in this way ?
> Yes, you can use AD to authenticate. I can't tell you how to do it off the
> top of my head, but I'm sure if you Google it, you'll find some resources
> that will help. At this point how you store and authenticate the user's
> credentials is up to you.
> > I don't have any machine.config file in my WebApps. Do I need to create
> > them ?
> > I'm using the Framework 1.1.
> The machine.config file isn't in your application, it's a "one per
machine"
> type of file. Here's where mine is located:
> C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CONFIG\ machine.config
> > With your solution, do I use Response.Redirect or Server.Transfer to
> > launch my WebAppX ?
> In my solution, when you user requests "/WebApp2/mypage.aspx", for
example,
> the config settings automatically take them to your login page in WebApp1
and
> remembers the URL that they originally requested. Once you issue the
> "System.Web.Security.FormsAuthentication.RedirectFr omLoginPage("Andy",
> true);" command, they are taken to the page that they originally
requested,
> only this time they're authenticated.
0 comments:
Post a Comment