tags:

views:

189

answers:

1
+1  Q: 

asp.net mvc custom membership provider - strict login cache to one application

I created custom membership provider for asp.net mvc applications and it all works fine except one thing:
when logged in to my application, I am also logged in to all other asp.net mvc applications that I run using Visual Studio. I suppose this data is being pulled from cache because when I logout and try to login again in other application, I'm being rejected.

In webconfig, I added applicationName in order to solve this but it didn't work:

<membership defaultProvider="SAMembershipProvider" userIsOnlineTimeWindow="15">
      <providers>
        <clear/>
        <add
          name="SAMembershipProvider"
          type="ShinyAnt.Membership.SAMembershipProvider, ShinyAnt"
          connectionStringName ="ShinyAntConnectionString"
          applicationName="MyApp"
          />
      </providers>
    </membership>

    <roleManager defaultProvider="SARoleProvider" enabled="true" cacheRolesInCookie="true">
      <providers>
        <clear/>
        <add
          name="SARoleProvider"
          type="ShinyAnt.Membership.SARoleProvider"
          connectionStringName ="ShinyAntConnectionString"
          applicationName="MyApp"
          />
      </providers>
    </roleManager>

Is there any method that I forgot to implement that is dealing with this problem or it is something else?

+2  A: 

Hi ile,

It's probably a bit late for you, but maybe other people reaching this page may find this useful.

By default, forms authentication uses a browser cookie to save your authentication state, and they are scoped (and restricted) to a (sub)domain level (probably http://localhost/ in your case?).

This means that every application running under the 'localhost' domain root ( http://localhost/App1, http://localhost/App2) has access to the same authentication cookies.

you might be able to work around this issue by specifying a different cookie name per application in the web.config:

<authentication mode="Forms">
  <forms name="[cookie name]"></forms>
</authentication>

Hope this helps...

Zidad  2010-09-21 13:25:25
Hey Zidad, I just saw your answer and things are much more clear now. Thank you!
ile  2010-10-11 11:45:55

related questions

after running aspnet_regsql.exe , do I have to init the db with data? how?
Not using e-mail address in a custom MembershipProvider?
How to pass the current user to a web control declaratively
How do you rename a Role using Membership in .NET?
What encryption algorithm does the .net membership provider use?
Membership.GetUser() & MARS
Web.config editing for Membership Role Authorization
Globalization of Membership exceptions isn't taking place... What to do?
OpenId development while disconnected from Internet
programmatic login with .net membership provider
Addin extra properties to MembershipProvider
ASP.Net Providers from web server in DMZ
ASP.NET PasswordRecovery Control with Localized content
Examples of asp.net mvc and authentication
ASP.NET Membership for high security scenarios?
ASP.NET Forms Authentication With Only UserName
What to use for membership in ASP.NET
How can I wrap a transaction around Membership.CreateUser?
New site creation and security/authentication,- should I use ASP.net Membership Provider?
ASP.NET WSAT (Website Administration Tool) and Custom Membership Providers
How do you manage asp.net SQL membership roles/users in production?
How to access UserId in ASP.NET Membership without using Membership.GetUser() ?
Can I use OpenId with the ASP MembershipProvider?
How do you pass an authenticaticated session between app domains
Class design decision