Introduction
This tip gives a working explanation of implementing single sign-on (SSO) between ASP.NET applications that are hosted under the same domain.
Background
The tip assumes that the reader has basic knowledge of application login and ASP.NET Forms Authentication.
Using the Code
Implementing Single Sign On (SSO) is not very complex if the applications are hosted under the same domain name. To explain in detail, say you have a domain with the name www.MainStudio.com and you want to host two or more other applications under it, i.e., www.MainStudio.com/DirectorsApp and, say, www.MainStudio.com/ActorsApp. Assume these two apps each have a separate login page, and we must allow the same set of users to access both apps after logging in once, in either www.MainStudio.com/DirectorsApp or www.MainStudio.com/ActorsApp. To achieve this, we use ASP.NET Forms Authentication and add a few entries to the web.config files.
Forms Authentication
So let us first authenticate a user once he has logged in to the application. Place the code below in your login method, after the login has succeeded.
var emailId = UserEmailId; // This is the logged in user email id
var isPersistent = false; // true would keep the cookie across browser restarts
var userData = string.Empty; // optional extra data (e.g. roles) carried inside the ticket
var cookie = FormsAuthentication.GetAuthCookie(emailId, isPersistent);
var ticket = FormsAuthentication.Decrypt(cookie.Value); // decrypt the cookie value back into a ticket
var newTicket = new FormsAuthenticationTicket(ticket.Version, ticket.Name, DateTime.Now, DateTime.Now.AddMinutes(30), isPersistent, userData, ticket.CookiePath);
cookie.Value = FormsAuthentication.Encrypt(newTicket); // re-encrypt with the shared machine key
cookie.Expires = newTicket.Expiration.AddHours(1);
this.Context.Response.Cookies.Set(cookie);
The above code is self-explanatory. We create a forms-authentication cookie for the logged in user's email id and then decrypt the cookie value into a ticket. We create a new FormsAuthenticationTicket called newTicket with the required parameters (name, issue and expiry time, persistence, user data and cookie path), encrypt it back into the already created cookie, and set that cookie in the current response. This way, the logged in user's authentication cookie is ready to be shared between all the applications under the same domain umbrella.
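The following helper is an added example, not code from the original tip: it issues the shared cookie on the application where the user logs in and reads it back on the other application. It uses only the standard FormsAuthentication API; the comma-separated role list stored in UserData is an assumed payload format, and the cookie flags (HttpOnly, Secure when requireSSL is on) are the hardening a practitioner would add. Note that the cookie path comes from FormsAuthentication.FormsCookiePath, which must be "/" (the default) so that both /DirectorsApp and /ActorsApp receive the cookie.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example (not part of the original tip).
public static class SsoAuthCookie
{
    // Issue the shared forms-authentication cookie after a successful login.
    // userData carries extra data (here a role list) that the other
    // application can read without a second database round-trip.
    public static HttpCookie Issue(HttpContext context, string emailId, string[] roles, bool isPersistent)
    {
        string userData = string.Join(",", roles ?? new string[0]); // assumed payload format

        var ticket = new FormsAuthenticationTicket(
            1,                                   // ticket version
            emailId,                             // user name
            DateTime.Now,                        // issued
            DateTime.Now.AddMinutes(30),         // expires
            isPersistent,
            userData,
            FormsAuthentication.FormsCookiePath); // "/" so every app under the domain gets it

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            Path = FormsAuthentication.FormsCookiePath,
            HttpOnly = true,                         // not readable from page script
            Secure = FormsAuthentication.RequireSSL  // only sent over HTTPS when requireSSL="true"
        };
        if (isPersistent)
        {
            cookie.Expires = ticket.Expiration;      // session cookie otherwise
        }
        context.Response.Cookies.Set(cookie);
        return cookie;
    }

    // On the consuming application: decrypt the shared cookie and return the
    // roles the issuing application stored in UserData, or null when the
    // cookie is absent, cannot be decrypted (machineKey mismatch or tampering)
    // or has expired.
    public static string[] ReadRoles(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;

        FormsAuthenticationTicket ticket;
        try
        {
            // Succeeds only if this app's machineKey matches the issuer's.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception)
        {
            return null;
        }
        if (ticket == null || ticket.Expired)
            return null;

        return string.IsNullOrEmpty(ticket.UserData)
            ? new string[0]
            : ticket.UserData.Split(',');
    }
}
```

A typical place to call ReadRoles is Application_AuthenticateRequest in Global.asax of the consuming application, wrapping HttpContext.Current.User in a GenericPrincipal built from the ticket name and the returned roles. Because the machine key is what makes Decrypt succeed, every application that holds the key can mint tickets the others accept, so the key must be generated for your own deployment and kept out of source control and public articles.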
WebConfig File Settings (Adding machine Keys)
Now the authentication cookie is ready to be shared among all the applications under the same domain name. But it is not readable by the other applications unless we do one more thing: set up the same machine keys in each application's web.config file. Once we add these machine keys, we are good to experience the SSO feature in real time. Place the code below in your web.config file.
<system.web>
<machineKey validationKey="BD52058A3DEA473EA99F29418689528A494DF2B00054BB7C"
decryptionKey="684FC9301F404DE1B9565E7D952005579E823307BED44885" />
</system.web>
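A complete web.config fragment, added here as an example and not taken from the original tip, showing the settings that must match in every application: the forms cookie name and path as well as the machineKey. The key values are placeholders; generate your own (for example with the Generate Keys action of the Machine Key feature in IIS Manager) rather than copying keys from an article, and set requireSSL only when the site is served over HTTPS.

```xml
<!-- Added example (not from the original tip). Use identical values in
     /DirectorsApp and /ActorsApp; key values below are placeholders. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name and path must be identical in every application, otherwise the
           browser sends a different cookie (or none) to the second application -->
      <forms name=".MAINSTUDIOAUTH" loginUrl="~/Login.aspx" path="/" timeout="30"
             requireSSL="true" slidingExpiration="true" />
    </authentication>
    <!-- Generate these for your own deployment. Any application holding the
         keys can mint tickets the others accept. -->
    <machineKey validationKey="REPLACE_WITH_YOUR_OWN_HEX_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_YOUR_OWN_HEX_DECRYPTION_KEY"
                validation="HMACSHA256"
                decryption="AES" />
  </system.web>
</configuration>
```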
Note: All the applications that use the SSO feature must use the same machine key values and must implement forms mode authentication (Forms Authentication). Forms Authentication is also useful if you want Single Sign Off to work. You can sign off from forms authentication with one line of code:
FormsAuthentication.SignOut();
which would sign out the user from all the applications under SSO.
Known Issues
One of the issues I faced was that one of my applications was targeting .NET Framework 4.0 and the other .NET Framework 4.5. This was a limitation for SSO to work, as the 4.5 application couldn't read the cookies set by the 4.0 application. But vice versa was working. I had to add one more entry into the web.config machineKey element of the 4.5 application to tell it to accept cookies from older versions. The change is as below:
<machineKey validationKey="BD52058A3DEA473EA99F29418689528A494DF2B00054BB7C"
decryptionKey="684FC9301F404DE1B9565E7D952005579E823307BED44885"
compatibilityMode="Framework20SP2" />
Note the new entry made as:
compatibilityMode="Framework20SP2"
That's it... Now you should be able to get your SSO working.