The action on your site 1 form should call your controller method
Which I think from you code would be /login/submitlogin rather than just /login and don't even attempt this using http it should at least be Https otherwise you are passing credentials in plain text across the net
Thank you for the answer.
The controller on site2 is a surface controller...so, if I understand what you mean, the action of the form on site1 should be:
Server Error in '/' Application.
The required anti-forgery cookie "__RequestVerificationToken" is not present.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
Exception Details: System.Web.Mvc.HttpAntiForgeryException: The
required anti-forgery cookie "__RequestVerificationToken" is not present.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Very strange because I put the code @Html.AntiForgeryToken() under the form tag.
It says cookie which obviously can't be valid on another domain so you will probably need to not use one if they are cookies, they are used to prevent exactly what you are attempting :)
To help prevent CSRF attacks, ASP.NET MVC uses anti-forgery tokens, also called request verification tokens. ... When the client submits the form, it must send both tokens back to the server. The client sends the cookie token as a cookie, and it sends the form token inside the form data
That's ok...it's right,
but how can I solve it? :-o
I must change the form on site1 or I must change something (but don't understand what) on site2, where is my authentication process?
Sorry Huw...I understand these are questions that may be obvious (and I feel like a rookie right now!!!), but i don't understand the correct way to solve the problem :-s
remove this @Html.AntiForgeryToken() from the form in site 1
If you have this [ValidateAntiForgeryToken()] on your controller action in site 2 then you need to remove that as well.
You should then be able to post from site 1 to site 2, I would however suggest adding some sort of check in your site 2 controller to ensure that the request came from site 1 otherwise anyone would be able to create a form and post to your controller method.
your best bet is probably to use an ajax form in site 1 and return json from site 2 action which contains the url and then in the onsuccess of the ajax form you can use the returned json to redirect to the page you need.
Umbraco 8 - How to create a login form that validate members in a second website?
Hi, I have two different umbraco 8 installations.
In site1 I have a login form but the validation process must be done in the site2.
If member will be authenticated, the process will redirect member to the site2 homepage.
I don't know if it is the correct way, but for now in site1 I tried to write the form as this:
In site2 login page I have this code:
Both sites have the same machinekey in the web.config but this don't work.
What's wrong?
Can anyone help me?
Thank you in advance A.
The action on your site 1 form should call your controller method
Which I think from you code would be /login/submitlogin rather than just /login and don't even attempt this using http it should at least be Https otherwise you are passing credentials in plain text across the net
Thank you for the answer. The controller on site2 is a surface controller...so, if I understand what you mean, the action of the form on site1 should be:
http://www.site2.com/umbraco/surface/customlogin/submitlogin
I'll try in next days Thanks A.
Ok I tried, but I received this error on site2:
Very strange because I put the code @Html.AntiForgeryToken() under the form tag.
A.
It says cookie which obviously can't be valid on another domain so you will probably need to not use one if they are cookies, they are used to prevent exactly what you are attempting :)
To help prevent CSRF attacks, ASP.NET MVC uses anti-forgery tokens, also called request verification tokens. ... When the client submits the form, it must send both tokens back to the server. The client sends the cookie token as a cookie, and it sends the form token inside the form data
That's ok...it's right, but how can I solve it? :-o
I must change the form on site1 or I must change something (but don't understand what) on site2, where is my authentication process?
Sorry Huw...I understand these are questions that may be obvious (and I feel like a rookie right now!!!), but i don't understand the correct way to solve the problem :-s
possibly both :)
@Html.AntiForgeryToken()from the form in site 1[ValidateAntiForgeryToken()]on your controller action in site 2 then you need to remove that as well.You should then be able to post from site 1 to site 2, I would however suggest adding some sort of check in your site 2 controller to ensure that the request came from site 1 otherwise anyone would be able to create a form and post to your controller method.
Thank you very much...I'll try ;-)
Hi Huw, this is a never ending story!!!
I tried to change code following your indications, but now I receive the attached error.
In details, after correct login I would redirect the user to the homepage of site2.
So...in surface controller I tried the following code (included the commented code), but I always receive the above error:
Any suggest?
your best bet is probably to use an ajax form in site 1 and return json from site 2 action which contains the url and then in the onsuccess of the ajax form you can use the returned json to redirect to the page you need.
Nope...I found the problem
As you correctly suggested me, I put the check on the source request to prevent attacks, but I wrote it wrong.
Now it works.
Thank you very much for your help ;-)
no problem, glad it worked out.
is working on a reply...