c# - Create MVC 3 ASPXAUTH cookie from MVC 5.1 application - Single Sign on -

-

i have 2 seperate websites, main 1 running .net 4.5 mvc 5.1 other on subdomain running .net 4.0 mvc3.

i want single sign-in when user logs main site need set cookie subdomain read if user logged in there too. problem calling formsauthentication.setauthcookie same paramters 2 application results in different cookie. need create mvc 3 aspxauth cookie from mvc 5.1 application

simply using mvc 5.1 generated cookie doesn't log user mvc 3 application. i've set machine key same both application 1 generated mvc3 50 characters longer 1 set (total 150+ characters).

actually here's 2 cookies:

using system.web.security.cryptography; byte[] binarymvc3cookie = cryptoutil.hextobinary("0b406403c8fb8de06fbf43291c48bed31c41fc2dcdfb81541a65a2b842e63b609fa6d146f3cf68968240ed5d5ef75a2fec2c0d4b4ff99cd4daf974d264a08d794bbf75eb6c4f40f08f9a6a97b1a4e130b9fc9cc9e5c55e93d06d9a9d56427110637874da4059d18d0d4929de04360df72e13db09"); byte[] binarymvc5cookie = cryptoutil.hextobinary("6d0c1b88cc6fb663b59fbaec4bbdf02751c8ec70f2988bbc175f750af7ce32412bfb2c8f79d24b0e6e832a51ccf479d7492a49d808a8c101fab050e410d8f561bd7944694df7dd74f09cf348d1bdd7e2bc0d9709");

formsauthentication.decrypt() works fine on mvc5 cookie (of course since generated there) throws cryptography exception mvc 3 cookie. decompiled assembly , executed lines of interest in immediate window find exception throw internally following line:

icryptoservice cryptoservice = aspnetcryptoserviceprovider.instance.getcryptoservice(purpose.formsauthentication_ticket, cryptoserviceoptions.none); byte[] numarray = cryptoservice.unprotect(binarymvc3cookie); //here exception

i'm going need recreate mvc 3 cookie mvc 5.1 app. if has ideas please tell!

edit: had epiphany how circumvent hackery. i'll make webclient call mvc 3 app , correct cookie value. =o (note making webclient call login method on mvc3 application , having call formsauthentication.setauthcookie did not work. had send cookie value on , set subdomain cookie in main app

we improved entire cryptographic stack in asp.net 4.5. end result forms authentication ticket format different mvc 3 (.net 4.0) application vs. mvc 5.1 (.net 4.5) application.

see http://blogs.msdn.com/b/webdev/archive/2012/10/23/cryptographic-improvements-in-asp-net-4-5-pt-2.aspx lots more info on this. here's excerpt document detailing how achieve backward compatibility can share cookies between .net 4.0 , .net 4.5 applications:

if writing application targeting asp.net 4.5 (you have set <httpruntime targetframework="4.5" />) , need share tickets applications running earlier versions of asp.net, must set following in 4.5 project's web.config:

<machinekey compatibilitymode="framework20sp1" />

Comments

Post a Comment

Popular posts from this blog

java - WrongTypeOfReturnValue exception thrown when unit testing using mockito -

-
my test list<person> mylist; @test public void testisvalidperson() { mylist = new arraylist<person>(); mylist.add(new person("tom")); when(persondao.get(person)).thenreturn(mylist); when((persondao.get(person)).isempty()).thenreturn(false);//------exception thrown boolean result = service.isvalid("tom"); assertfalse(result); } method tested: public boolean isvalid(string person){ persondao = new persondao(); person personobj = new person(person); return (persondao.get(person).isempty())?false : true; } exception thrown: org.mockito.exceptions.misusing.wrongtypeofreturnvalue: boolean cannot returned get() get() should return list *** if you're unsure why you're getting above error read on. due nature of syntax above problem might occur because: 1. exception *might* occur in wrongly written multi-threaded tests. please refer mockito faq on limitations of concurrency testing. 2. sp
Read more

php - Magento - Deleted Base url key -

-
i working on cleaning url: http://mydomain.com/shop/shop/deals i going through settings in configuration tab in admin panel on magento , change secure , unsecure base urls remove first base url "shop" web page read: http://mydomain.com/shop/deals so changed unsecure base urls mydomain.com/shop mydomain.com , secure 12.345.67.89/shop 12.345.67.89. wrong thing do. i cannot reload page or admin console. how access these files through ftp , change correctly there?? when make changes in admin panel changes made in database not in file. have make changes in database. 1.go database , select core_config_data table under table find web/unsecure/base_url , web/secure/base_url . make changes here. don't forget clear cache in var/cache folder
Read more

android - How to disable Button if EditText is empty ? -

-
i have edittext , button in application. when button clicked,the text entered in edittext added listview. i want disable button if edittext empty.how ? this code button click imagebutton imb=(imagebutton)findviewbyid(r.id.btn_send); imb.setonclicklistener(new onclicklistener() { @override public void onclick(view arg0) { edittext et = (edittext)findviewbyid(r.id.edittext1); string str = et.gettext().tostring(); web1.add(str); toast.maketext(shoutsingleprogram.this, "you entered...."+str, toast.length_short).show(); adapter1.notifydatasetchanged(); et.settext(""); } }); } how can ? edittext1.addtextchangedlistener(new textwatcher() { @override public void ontextchanged(charsequence s, int start, int before, in
Read more