I have a solution that has two applications. Is it possible to make the user sign in only once?
For example, in the main application I do authentication like this:
FormsAuthentication.SetAuthCookie(ContactFound.ContaLogin, model.RememberMe);
And I put this code in the web.config file:
<authentication mode="Forms">
<forms
loginUrl="~/Account/LogIn"
defaultUrl="~/Account/LogOn"
timeout="15"
/>
</authentication>
What should I add so that, when the user is logged in to the main application, we don't ask him to log in again when he connects to the second application?
Since you are going to host both applications at the same address, it should be easily possible by setting the <machineKey> (web.config) to the same value for both applications. After that, you should automatically be logged in to one application after logging in to the other.
Further reading:
Single Sign On (SSO) for cross-domain ASP.NET applications (see How authentication works in multiple ASP.NET sites under the same domain)
machineKey Element (ASP.NET Settings Schema)
Single Sign On with Forms Authentication
Related
In our project we provide users with Tumblr-like subdomains as well as custom domain names like "mydomain.com". So I have one and the same server and one application but different domain names.
Everything works fine with DNS and routing, but I've faced an authentication problem. Shared authentication for the main domain and subdomains can be solved by just specifying the machine key and domain name in web.config.
<authentication mode="Forms">
<forms domain="xxx.com" loginUrl="~/account/logon" timeout="2880" />
</authentication>
But in this case I have a "Sign Out" problem: signing out just doesn't work, even after I added these lines of code (all the solutions to this problem I found):
FormsAuthentication.SignOut();
Session.Abandon();
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie1);
HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
cookie2.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie2);
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
After all I still don't know how to implement cross-domain authentication for custom domain names. Is it possible somehow to share authentication data for a particular server between any domains? Or maybe I can retrieve this information on the server side if I know the domain name and machine key?
A workaround is to set the user information in the localStorage that the client sets from the "main domain", then set a cookie created by the subdomain, but for all your sign-in/out operations you will have to use the "main domain". You can search for how Stack Overflow and all its sibling sites work, because they use SSO to solve that. Anyway, maybe this post helps you.
EDIT
For more information on how SO solves the auto-login issue
I have the following structure for my web application:
In my root web config, not in the Areas/Admin/Web.Config I have the following:
<location path="Areas/Admin">
<system.web>
<authentication mode="Windows"></authentication>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
I have my own authentication working on the main root of the web site no problems by using the [Authorize] tag.
Now for the Areas/Admin I'd like to use Windows Authentication.
In IIS (Server 2008 R2 Machine), I have the Admin folder configured as an application:
And when I click on Areas/Admin in IIS, under Authentication, I have Anonymous disabled, and Windows Authentication Enabled.
However, when I attempt to access this folder via the web site, it does not prompt me for my domain username/password. It just loads up the page.
If I go to www.website.com/Areas/Admin, it then prompts me for the username/password. But I need it to use the AreaRegistration, and have it prompt when I go to www.website.com/Admin.
I've been able to configure an entire site as Windows Authentication, and that works like a charm.
Any thoughts to lead me in the right direction? Or, if you need more information, please leave me a comment and I will be more than happy to give you what I can.
From doing research, I found that the only way to make this work is to create a second "admin" site which runs as an application under the main site. Doing so allowed me to set up permissions on that site.
I have two websites, domain1.com and domain2.com. A user comes to domain1.com, and I authenticate him and create an authentication cookie. Is it possible to share this cookie with domain2.com, so that, for example, when the user goes to domain2.com he is authenticated because he was authenticated on domain1.com? Is it possible?
I'm looking for a simple way, and these domains are not subdomains; they are two separate sites.
Note that I don't want to use SQL Server, URL parameters or other ways.
Thanks, all.
Absolutely. Hopefully both sites share the same username database or it is replicated so that you can secure and access content by using the HttpContext.User.Identity.Name.
Anyways, basically you need to update your web.config <authentication> section to be exactly the same between the two sites. This means your machine key, decryption key, algorithm....everything.
Here is the MSDN article with the full directions on how to proceed to share authentication across several applications
This is possible using <authentication> and <machineKey> in your web config.
Machine Key
Contains a decryption key and a validation key. These must be the same in both web configs.
<machineKey
decryptionKey="A225194E99BCCB0F6B92BC9D82F12C2907BD07CF069BC8B4"
validationKey="6FA5B7DB89076816248243B8FD7336CCA360DAF8" />
Authentication
This must be in both web configs but the values are specific to the application.
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH"
path="/"
loginUrl="~/Membership/login"
protection="All"
timeout="1000" />
</authentication>
I have an MVC3 project for running on the iPad in web-app mode. I use FormsAuthentication to realize login/logout functionality, which calls FormsAuthentication.SetAuthCookie(model.Username, true) to store the login information in a cookie. In all major browsers, including mobile Safari, the cookie is saved persistently, across sessions. Only in web-app mode is the cookie sometimes cleared while browsing the web app, and it is definitely deleted after closing the web app. Is there any possibility to save the login information across sessions in web-app mode, too?
I know that the HTML5 local storage feature could be used, but I've no idea how to implement FormsAuthentication.SetAuthCookie(model.Username, true) manually by using the new local storage. And besides that, I'm not sure whether the local storage is safe enough to store such critical data.
I found the answer after a lot of research: You have to force the usage of cookies in the authentication node of web.config through cookieless="UseCookies":
<authentication mode="Forms">
<forms cookieless="UseCookies" loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
Has anyone implemented single sign-on in MVC? Can anyone give me an example of single sign-on in MVC?
I've implemented a SSO solution between multiple ASP.NET MVC applications hosted on the same parent domain (app1.domain.com, app2.domain.com, ...) by using Forms Authentication and setting the domain property of the cookie in web.config of all applications:
<forms
name="ssoauth"
loginUrl="/login"
protection="All"
timeout="120"
requireSSL="true"
slidingExpiration="false"
domain="domain.com"
/>
When you set the domain property of the cookie, this cookie will automatically be sent by the client browser to all applications hosted on this domain, and they will be able to authenticate the user automatically.
If you want to implement a cross domain SSO using Forms Authentication here's what you could do:
The user navigates to foo.com and signs in. The application hosted on foo.com uses standard Forms Authentication, nothing fancy.
The user decides to go to bar.com and clicks on a link that you created. This link could contain a token parameter which will contain the encrypted username. This encryption could be done using the machine keys and look something like this: https://bar.com?token=ABC.
The application hosted on bar.com receives the request and because it uses the same machine keys as the other application it is capable of decrypting the token and fetching the username. Then it simply signs in the user by emitting an authentication cookie locally and the user is automatically signed in bar.com.
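The token hand-off described in the steps above, as an added example that is not part of the original answer: it uses MachineKey.Protect/Unprotect (assumes .NET Framework 4.5 or later and identical <machineKey> settings on both sites) and goes beyond the answer by embedding an expiry time in the token. SsoToken, SsoController, the route, the purpose string and the 60-second lifetime are assumed names and values.

```csharp
using System;
using System.Globalization;
using System.Text;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
// Hypothetical helper (not from the answer); both sites need the same <machineKey>.
public static class SsoToken
{
    private const string Purpose = "cross-domain-sso-v1";                  // assumed value
    private static readonly TimeSpan Lifetime = TimeSpan.FromSeconds(60);  // assumed value
    // foo.com: build the token for a user who is already signed in.
    public static string Create(string userName)
    {
        string expires = DateTime.UtcNow.Add(Lifetime).Ticks.ToString(CultureInfo.InvariantCulture);
        byte[] plain = Encoding.UTF8.GetBytes(expires + "|" + userName);
        // Protect encrypts and signs with the machine keys, bound to Purpose.
        return HttpServerUtility.UrlTokenEncode(MachineKey.Protect(plain, Purpose));
    }

    // bar.com: returns the user name, or null if the token is malformed, tampered or expired.
    public static string Validate(string token)
    {
        if (string.IsNullOrEmpty(token)) return null;
        try
        {
            byte[] cipher = HttpServerUtility.UrlTokenDecode(token);
            if (cipher == null) return null;
            string plain = Encoding.UTF8.GetString(MachineKey.Unprotect(cipher, Purpose));
            int sep = plain.IndexOf('|');
            if (sep < 1) return null;
            long expires = long.Parse(plain.Substring(0, sep), CultureInfo.InvariantCulture);
            return DateTime.UtcNow.Ticks <= expires ? plain.Substring(sep + 1) : null;
        }
        catch (Exception) { return null; } // CryptographicException, FormatException, ...
    }
}

// bar.com: hypothetical controller reached via https://bar.com/sso/signin?token=...
public class SsoController : Controller
{
    public ActionResult SignIn(string token)
    {
        string user = SsoToken.Validate(token);
        if (user == null) return new HttpUnauthorizedResult();
        FormsAuthentication.SetAuthCookie(user, false); // local cookie for bar.com
        return Redirect("~/");
    }
}
```

The token can still be replayed within its lifetime and will appear in URLs and server logs, so keep the lifetime short and serve both sites over HTTPS.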
Below is an example of SSO for websites sharing the same domain:
http://www.codeproject.com/Articles/27576/Single-Sign-on-in-ASP-NET-and-Other-Platforms
Please see my answer here. Basically, you need to set the authentication mode to Windows in web.config and use the HttpContext class to retrieve the user identity, which takes its data from Active Directory.
https://stackoverflow.com/a/40938106/950944