Geek asks and answers

How to get current context or user id from a separate .NET application?

Background

I am developing iterative migration from a legacy ASP.NET forms application to an MVC 4 application.

This migration occurs in stages, one section at a time, so you need to run both the legacy and the new MVC application at the same time. For some sections, the user accesses the new application, and for sections that have yet to be migrated, the user returns (or stays on) to the outdated application.

On the server, the applications are structured as follows:

LEGACY (.NET 2.0 forms app)--
                            |--Api (new MVC 4 WebAPI)
                            |--V2 (new MVC 4)

Thus, the foodefault page call is - /foo.aspx, and on V2 - /V2/foo.

Everything is in C #, but note that the legacy application runs on .NET 2.0, and the V2 application runs on .NET 4.5 . I'm not sure if that matters, but I thought it would be important to note.

Problem

I cannot successfully share user / authentication status between applications. Obviously, if a user has registered in an outdated application, I need to grab his cookie (or take similar actions) in V2 when the V2 page is called so that the user does not receive an invitation to log in again.

What i tried

I found the same elements authenticationand machinekeyin both files web.config:

  <authentication mode="Forms">
      <forms cookieless="UseCookies" defaultUrl="~/someUrl" loginUrl="/" path="/" protection="All" timeout="240"  enableCrossAppRedirects ="true" domain="someDomain.com" requireSSL="false"  />
  </authentication>
  <machineKey validationKey="DE78CF63226. . .788658D142AB881" decryptionKey="0B97E8BA4C4EB4B4C524. . .54E4622E14168D2D5C84461FA2" validation="SHA1" decryption="AES" />

I tried this code in the Global.asax application of V2 application:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];

    if (authCookie == null)
    {
        return;
    }
    FormsAuthenticationTicket authTicket = null;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch
    {
        return;
    }
    if (authTicket == null)
    {
        return;
    }
    string[] roles = authTicket.UserData.Split(new char[] { '|' });
    var id = new FormsIdentity(authTicket);
    var principal = new GenericPrincipal(id, roles);

    //Thread.CurrentPrincipal = principal;

    Context.User = principal;
}

, , , V2, , V2, Legacy V2.

HomeController , - :

 ViewBag.UserName = User.Identity.Name;

, ViewBag.UserName html , .

+5
3

auth, .NET 2.0 4.0; 4.0

<appSettings>
    <add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="true" />
    <add key="aspnet:UseLegacyEncryption" value="true" />
    <add key="aspnet:UseLegacyMachineKeyEncryption" value="true" />
</appSettings>

, auth, webapi, CSRF, . asp.net

+2

/, ? ( cookie , .. *.mydomain.com).

For example, if the V1 application is located at v1.somedomain.com and the cookie is set to v1.somedomain.com. Then V2, at v2.somedomain.com, will not see this. However, if you set the cookie to * .somedomain.com, then both applications will see the cookie.

However, if V1 is on v1domain.com and V2 is on v2domain.com, you're out of luck. There is no way to share a cookie.

+1
source

More articles:


All Articles