[SOLVED] WebForms FormsAuthentication – Redirect after authentication results in Login Page to be called again

Issue

I have 2 ASP.NET WebForms projects under 2 different domain names. The first is merely a file server where important documents are stored. I am busy implementing FormsAuthentication so that if someone enters the URL of a document in a web browser, a redirect is done to a login page of the second WebForms project under a seperate domain name. I have pasted the Web.config content of the first File Server project and then the code from the second project to Authorize the download of the document. You will see that the code is not yet complete. What happens that the redirect is done to the login page. When authenticated, the redirect is done to the file, but the file server or first app sees this as a new attempt of accessing the file and redirects again to the login page. It is as if the cookie is not received from the file server.

Help will so much be appreciated.

  1. App 1 – Just to store files.

    <system.webServer>
        <modules>
            <remove name="FormsAuthentication" />
            <remove name="DefaultAuthentication" />
            <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" preCondition="" />
            <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="" />
        </modules>
    </system.webServer>
    
  2. App 2 – Doing authentication and directs to the file on the fileserver (Note that both apps are on different domains)

    protected void btnLogin_Click(object sender, EventArgs e)
    {
    bool Validated = true; // Still to be implemented

            if (Validated)
            {
                FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(1, ".ASPXSAFECYTE", DateTime.Now, DateTime.Now.AddMinutes(30), true, "");
    
                string CookieString = FormsAuthentication.Encrypt(Ticket);
                HttpCookie Cookie = new HttpCookie(FormsAuthentication.FormsCookieName, CookieString);
    
                Cookie.Expires = Ticket.Expiration;
                Cookie.Path = FormsAuthentication.FormsCookiePath;
                Response.Cookies.Add(Cookie);
    
                if (Request["ReturnUrl"] == null)
                    Response.Redirect("~/Login.aspx", true);
                else
                {
                    string ReturnUrl = SystemProperties.FilesServerAddress.TrimEnd(new char[] { '/' }) + Request["ReturnUrl"];
                    Response.Redirect(ReturnUrl, true);
                }
            }
        }
    

Kind regards,

Jaco

Solution

For security purposes, Cookies can only be created for the hosting domain and/or it’s subdomains. Therefore, creating a Cookie from one domain for another will not work.

Answered By – Jesse Johnson

Answer Checked By – Marilyn (BugsFixing Volunteer)

Leave a Reply

Your email address will not be published. Required fields are marked *