<p>The browser does not pass cookies of one domain to another domain - so in your case, cookies for <code>authroize.com</code> and <code>legacy.com</code> have different scopes and the browser will not share them. So your scheme will not work.</p>
<p>However, if you can make both sites part of the same domain (e.g. <code>authroize.mysite.com</code> and <code>legacy.mysite.com</code>) then a cookie created for the parent domain (<code>mysite.com</code>) will be shared across both sites. Note that ASP.NET allows you to set the domain for the cookie <a href="http://www.asp.net/security/tutorials/forms-authentication-configuration-and-advanced-topics-vb" rel="nofollow">using the domain attribute of the forms configuration element</a>. Of course, you still need to have the same set of machine keys on both servers.</p>
<p>For cross-domain authentication to work, you basically have to implement a single sign-on feature. In your case, an implementation outline would be:</p>
<ol>
<li>The legacy site will redirect to the authentication site for authentication, passing the return url.</li>
<li>The authentication site will authenticate the user, set the cookie for itself and then redirect to the legacy site return url, passing the token for the authenticated user.</li>
<li>A simplistic implementation for a token can be the user identity encrypted by a shared private key. However, to avoid replay attacks etc., you need to add a time-stamp into the token. The legacy site also needs to pass some random salt value while requesting authentication that will be used for hashing etc.</li>
<li>Once the legacy site receives the user token, it validates the token (by decrypting it, checking hash &amp; time-stamp etc.) and sets its own authentication cookie.</li>
</ol>
<p>See <a href="http://www.codeproject.com/KB/aspnet/SingleSignon.aspx" rel="nofollow">this link (for subdomain)</a> &amp; <a href="http://www.codeproject.com/KB/aspnet/CrossDomainSSOModel.aspx" rel="nofollow">this link (for cross domain)</a> that describe the above approaches in more detail.</p>
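<p>The token exchange in steps 2 to 4 above, as an added Python example that is not part of the original answer. It authenticates the token with HMAC-SHA256 under the shared key instead of encrypting it (a substitution, so the user name is readable inside the token); the function and class names, the token layout and the 60-second window are assumptions.</p>

```python
import base64, hashlib, hmac, json, secrets, time

MAX_AGE_SECONDS = 60  # assumed freshness window for the time-stamp check


def _mac(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_token(key, user, nonce, now=None):
    """Authentication site (step 2): bind user, the caller's nonce and a time-stamp."""
    iat = int(time.time() if now is None else now)
    payload = json.dumps({"sub": user, "nonce": nonce, "iat": iat}).encode()
    enc = base64.urlsafe_b64encode
    return enc(payload).decode() + "." + enc(_mac(key, payload)).decode()


class LegacySite:
    """Relying site: hands out nonces (step 3) and validates tokens (step 4)."""

    def __init__(self, key):
        self.key = key
        self.pending = set()  # nonces issued but not yet redeemed

    def begin_login(self):
        nonce = secrets.token_urlsafe(16)
        self.pending.add(nonce)
        return nonce  # sent along with the return url in the redirect

    def validate(self, token, now=None):
        """Return the user name for a valid token, otherwise None."""
        try:
            p64, t64 = token.split(".")
            payload = base64.urlsafe_b64decode(p64)
            tag = base64.urlsafe_b64decode(t64)
        except ValueError:  # wrong shape or bad base64
            return None
        if not hmac.compare_digest(tag, _mac(self.key, payload)):
            return None  # forged or modified token
        claims = json.loads(payload)
        now = time.time() if now is None else now
        if abs(now - claims["iat"]) > MAX_AGE_SECONDS:
            return None  # stale time-stamp
        if claims["nonce"] not in self.pending:
            return None  # unknown or already redeemed nonce: replay
        self.pending.discard(claims["nonce"])  # single use
        return claims["sub"]
```

<p>Only after <code>validate</code> returns a user name does the legacy site set its own authentication cookie; a second presentation of the same token fails because its nonce has already been redeemed.</p>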
 
