StrataFrame Forum

Web site authentication question

http://forum.strataframe.net/Topic24516.aspx

By Greg McGuffey - 9/3/2009

My company is investigating upgrading to SharePoint 2007 from SharePoint 2003. Apparently the 2007 version now uses two web sites, one for the normal stuff and one for the "My Site". The issue is that our users are NOT logged into the domain. They are almost all remote (maybe 20 out of 200 are in the office). The site uses domain authentication, thus when they access it, IE prompts them for domain credentials, and they then get on. Unfortunately, when they then choose "My Site", they have to log in again, as it is a different site and apparently IE doesn't reuse the already applied authentication (which makes sense).



Does anyone know of a way for two web sites, on the same server, to share the same authentication credentials so the user only has to log in once?



Thanks!

By Keith Chisarik - 9/3/2009

I think I know how to do this; I did it for a website I did a while ago. You basically pass the authentication ticket along and tell site two that it is OK to share it. It sucked, took me 2 days to find and make work. If no one else has posted it by tomorrow AM, I'll be happy to dig it out and post.

Just to clarify, you want to authenticate once to sitea.com and not have to reauthenticate to siteb.com hosted on the same server? 

By Keith Chisarik - 9/3/2009

It's going to snow, I found my notes from 2 years ago. Not an exact fit, but might point you in the right direction or give an idea. My specific need was to share authentication across virtual directories running different ASP.NET applications on the same web server.

Beyond the changes to web.config I know there was some code required to pass the ticket and then read it in the accepting app. I will post it if this turns out to be at all relevant or helpful to you, which it may not since you are talking SharePoint, which I don't use.

Notes:

Make sure that you explicitly define the “validationKey” and “decryptionKey” attributes in the <machineKey /> section of your applications’ web.config files.  By default, these are configured to AutoGenerate/IsolateApps – which will end up generating separate unique keys in each application (which means that the decryption algorithm will not be able to convert a forms-authentication ticket issued from one application in another).  By having them all share the same key value, the applications can encrypt/decrypt/validate cookie values that can be read by each other.

If you need a single logon to work across multiple applications located in separate virtual directories, you need to share a common authentication ticket. To configure a common authentication ticket, you must manually generate validationKey and decryptionKey values and ensure that each application shares these values.

If you want to share tickets across all applications on your server you can set these manual values on the <machineKey> element in the machine level Web.config file. To share tickets across specific applications, you can use a <machineKey> element with common validationKey and decryptionKey values in the relevant application's Web.config files.

1)  I found a machine key generator we used

a.  Generator - http://www.eggheadcafe.com/articles/GenerateMachineKey/GenerateMachineKey.aspx

b.  Code - http://www.eggheadcafe.com/articles/20030514.zip

2)  I had to change the “cookieless” property of the “forms” tag in web.config to “UseCookies”, the default for ASP.NET 2.0 and above is cookieless.
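
The key setup these notes describe, as an added example that is not part of the original post or of any tool it links to: a Python script that generates both keys locally from the OS CSPRNG, renders a `<machineKey>` element, and checks that a set of web.config files carry the same explicit keys and use `UseCookies`. The key lengths (64-byte validation key, 32-byte decryption key), the `SHA1`/`AES` attributes, the function names and the sample configs are assumptions made for this example.

```python
import secrets
import xml.etree.ElementTree as ET

def new_machine_key(validation_bytes=64, decryption_bytes=32):
    """Render a <machineKey> element with fresh keys from the OS CSPRNG."""
    el = ET.Element("machineKey", {
        "validationKey": secrets.token_hex(validation_bytes).upper(),
        "decryptionKey": secrets.token_hex(decryption_bytes).upper(),
        "validation": "SHA1",   # assumed algorithm pair for this example
        "decryption": "AES",
    })
    return ET.tostring(el, encoding="unicode")

def sample_config(machine_key_xml, cookieless="UseCookies"):
    """Constructed minimal web.config used as sample input."""
    return ("<configuration><system.web>" + machine_key_xml +
            '<authentication mode="Forms"><forms cookieless="' + cookieless +
            '" /></authentication></system.web></configuration>')

def check_shared_ticket_config(*configs):
    """List the problems that would stop these apps reading each other's ticket."""
    problems, seen = [], []
    for i, text in enumerate(configs, 1):
        root = ET.fromstring(text)
        mk = next(root.iter("machineKey"), None)
        if mk is None:
            problems.append(f"app {i}: no <machineKey>, keys are auto-generated")
        else:
            keys = {a: mk.get(a, "") for a in ("validationKey", "decryptionKey")}
            for attr, value in keys.items():
                if not value or "AutoGenerate" in value:
                    problems.append(f"app {i}: {attr} is not an explicit value")
            seen.append(keys)
        forms = next(root.iter("forms"), None)
        if forms is None or forms.get("cookieless") != "UseCookies":
            problems.append(f"app {i}: forms cookieless is not UseCookies")
    if any(k != seen[0] for k in seen[1:]):
        problems.append("machineKey values differ between apps")
    return problems

if __name__ == "__main__":
    shared = new_machine_key()
    print(shared)
    print(check_shared_ticket_config(sample_config(shared), sample_config(shared)))
    print(check_shared_ticket_config(sample_config(shared),
                                     sample_config(new_machine_key())))
```

The generated element holds secret key material, so it belongs only in the web.config files of the applications that are meant to trust each other's tickets.
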

By Greg McGuffey - 9/4/2009

Just to clarify, you want to authenticate once to sitea.com and not have to reauthenticate to siteb.com hosted on the same server?




Yes, that is correct.

By Greg McGuffey - 9/4/2009

So, these notes are all related to using form authentication?