single signon between multible sites in same umbraco installation - Extending Umbraco and using the API

Go to solution

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Jan Molbech 18 posts 109 karma points

Apr 06, 2017 @ 08:24
0

single signon between multible sites in same umbraco installation

Extending Umbraco and using the API

Umbraco 7
Setup: Two sites (mysite.com & secure.mysite.com) in the same Umbraco installation. Secure.mysite.com has role-based restricted access.

I want to have a login form on mysite.com that navigates to and logs me into secure.mysite.com.

My problem is that the authcookie that is created, apparently is not accepted, because I am send to the login at secure.mysite.com, when i'm redirected.

I have the following entry in my web.config
```
<forms name="yourAuthCookie" loginUrl="login.aspx" domain=".mysite.com" protection="All" path="/" enableCrossAppRedirects="true" />
```
When i log in from mysite.com, it generates a cookie that belongs to the domain .mysite.com, but still sends me to the loginform for secure.mysite.com

It's the same login logic/method thats being called from both login forms.
```
if (Membership.ValidateUser(model.Username.Trim(), model.Password.Trim()))
            {

                FormsAuthentication.SetAuthCookie(model.Username.Trim(), true);

                if (Roles.IsUserInRole(model.Username, "Kunder"))
                    Logging.Instance.Info("Customer with user name: " + model.Username.Trim() + " logged in");

                if ((Roles.IsUserInRole(model.Username, "Administratorer")))
                    Logging.Instance.Info("Administrator with user name: " + model.Username.Trim() + " logged in");

                var nodeId = portalNode.Id;
                return RedirectToUmbracoPage(nodeId);
            }
            else
            {
                TempData["invalidLogin"] = true;
            }
```
Any ideas why this isn't working? Is this machinekey related?

I'll be glad to post more code if needed.
Copy Link
Dave Woestenborghs 3504 posts 12133 karma points MVP 8x admin c-trib

Apr 06, 2017 @ 09:05
0
Hi Jan,

Can you remove the leading dot in the domain name and see if that helps ?
```
<forms name="yourAuthCookie" loginUrl="login.aspx" domain="mysite.com" protection="All" path="/" enableCrossAppRedirects="true" />
```
That's how set it up for a site and that works fine.

Dave
Copy Link
Jan Molbech 18 posts 109 karma points

Apr 06, 2017 @ 09:32

0

The domain on the created cookie is still set to .mysite.com

Copy Link
Dave Woestenborghs 3504 posts 12133 karma points MVP 8x admin c-trib

Apr 06, 2017 @ 09:35

0

You say both sites are in the same umbraco installation. Are they running on the same server or do you have perhaps a load balanced environment. Than it can be related to the machine key.

Dave

Copy Link
Jan Molbech 18 posts 109 karma points

Apr 06, 2017 @ 09:39

0

Nope, they are running on same server

Copy Link
Dave Woestenborghs 3504 posts 12133 karma points MVP 8x admin c-trib

Apr 06, 2017 @ 09:43

0

Can you add cookieless="UseCookies" to the forms tag in the authentication section ?

Dave

Copy Link
Jan Molbech 18 posts 109 karma points

Apr 06, 2017 @ 09:44

100

I actually got it working.

The answer is in this articel https://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx

I generated a machinekey on the IIS and added the generated values to the machinekey element in the web.config

https://blogs.msdn.microsoft.com/amb/2012/07/31/easiest-way-to-generate-machinekey/

thanks everyone for your help

Copy Link
Dave Woestenborghs 3504 posts 12133 karma points MVP 8x admin c-trib

Apr 06, 2017 @ 09:51

0

Hi Jan,

I did it for you :-)

Dave

Copy Link
Jan Molbech 18 posts 109 karma points

Apr 06, 2017 @ 09:57

1

Thanks. Have a thunderous thursday ;)

Copy Link
is working on a reply...

Please Sign in or register to post replies