views:

3105

answers:

5

We have several ASP.NET applications deployed to a few servers. Is there a standard way to reuse session data or some other method to not require users to log in to the next application when moving from application to application if they've already authenticated? I'm hoping there's a best practices way of doing this that you guys know about. I feel like there should be something easy that I'm missing.

Thanks.

Edit: To be be more clear, the main info in the session that I'd like to pass is the authenticated userid, but possibly some other session variables as well.

A: 

For the session check this: http://www.codeproject.com/KB/aspnet/Sharing_session_state.aspx

Complement with this so the cookie is shared: http://mgrzyb.blogspot.com/2007/12/aspnet-and-subdomains.html

eglasius
I don't think what will work across sub-domains, since the session cookie by default has the full host name.
chris
updated with a link to more info on how to get pass the sub-domain issue
eglasius
btw, I know that works that way, but this guy claims you can do it easier: http://forums.asp.net/t/1332808.aspx (not sure if it does, but worth to try)
eglasius
A: 

It's not clear from you question if you're just concerned about logons, or if you really need to share session data between applications.

Assuming the latter, you could try something like this:

  • first, make sure all the appliations are running in the same domain. If not, all bets are off. I don't know if there's a simple way to configure the domain property of the session cookie yet, so you may have to do it yourself, by setting the cookie domain property to the domain:

    Response.Cookies["ASP.NET_SessionId"].Domain = ".mydomain.com";

  • you'll need to make sure that each application is configured to use either a common state server, or a db-backed session.

chris
A: 

Sharing a sign-on between applications (covered above) is quite a different ball game to sharing ASP.NET Sessions between applications.

Why do you want to share Sessions between applications?

ASP.NET Session is a metaphor for a user's current interaction with one ASP.NET application. It exists in ASP.NET to give us a place to store temporary state data between the various page requests that a user makes while using your application.

If your applications are very closely related, e.g. the user uses both at the same time, or almost the same time, you could consider merging them into a single ASP.NET application.

If your applications are not that closely related, perhaps they should be sharing the same database as a means to exchange data, or using an API e.g. based on Web Services to exchange information.

Hope that helps.

saille