Base solution for your next web application
Open Closed

Single Sign On using authentication cookie #1352


User avatar
0
szilardd created

Hi

I'm trying to use Module Zero as a single-sign on source. I have two MVC 4 websites using forms authentication and want to use the authentication functionality of Module Zero for them.

I've successfully followed this approach with the two MVC4 sites and a sample MVC5 site which uses IdentityProvider (similar to what Module Zero uses) so I can confirm that it works.

<a class="postlink" href="http://www.alexboyang.com/2014/05/28/sso-for-asp-net-mvc4-and-mvc5-web-apps-shared-the-same-domain/">http://www.alexboyang.com/2014/05/28/ss ... me-domain/</a>

But if I apply the same changes to Module Zero it doesn't work, the authentication cookie is decrypted/encrypted successfully but something prevents the authentication to work completely. After applying the changes from the blog, I can't even log in to the Module Zero site from the login page.

If I debug the code, the login is successful, but something in the internals of Module Zero rejects the authentication and always redirects back to the login page.

Any advice ? Thanks


1 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    I didn't make it work either, byt you can try to do another approach,

    Define a custom data protector,

    public class MachineKeyProtector : IDataProtector
    {
        private readonly string[] _purpose =
        {
            typeof(OAuthAuthorizationServerMiddleware).Namespace,
            "Access_Token",
            "v1"
        };
    
        public byte[] Protect(byte[] userData)
        {
            return System.Web.Security.MachineKey.Protect(userData, _purpose);
        }
    
        public byte[] Unprotect(byte[] protectedData)
        {
            return System.Web.Security.MachineKey.Unprotect(protectedData, _purpose);
        }
    }
    

    Then use it like this,

    TicketDataFormat = new TicketDataFormat(new MachineKeyProtector()),
    

    Can you also share your CookieAuthenticationOptions definition ?

    Thanks,