Note: this solution needs cookies enabled in the client browser.
Suppose you have two web applications (ASP.NET or SharePoint) and one ASP.NET membership provider database for both. What do you do to create single sign-on between these two applications?
Because these two web applications use one membership database, once the user logs in from a login form control in either application, the membership and forms authentication classes manage this, and once you are logged in to one of them you are logged in to the other, provided your applications are in the same domain, even if they are hosted on different servers.
The problem is that membership uses special cookies placed on the client side, and cookies are always tied to a domain. If the second application in the second domain tries to read the cookie placed by the first application in the first domain, it will not find it, because each application can only see the cookies that belong to its own domain!
Login Form Control: how does it work?
The Login form control uses the System.Web.Security.Membership, System.Web.Security.MembershipUser and System.Web.Security.FormsAuthentication classes to do this. These are the main steps the Login form control performs to authenticate the user:
1-Validate the user using the Membership.ValidateUser(string username, string password) method, which returns a Boolean value indicating whether the user's login information is valid.
2-Get the MembershipUser object for this user by using the Membership.GetUser(username) method, which returns a MembershipUser object.
3-Check the user's status, such as whether the user is locked out or approved. These checks depend on your configuration (for example, you may not permit users who are not approved to log in) and are done using MembershipUser properties such as MembershipUser.IsLockedOut and MembershipUser.IsApproved; you can explore the others.
4-Put a cookie on the client to identify the user each time he/she logs in.
What is the problem when these two web applications are hosted in different domains?
Solution for single sign-on (SSO) with custom login pages implementing the same Login Form control mechanism
We will implement the same mechanism with our own custom login forms and the .NET classes that the LoginForm control uses.
1-Create custom login forms rather than using the LoginForm control. For SharePoint users this is easy: just create your form in a new page that uses the SharePoint master page, then change the login page URL in your SharePoint web application's web.config file in this section (you create this section when you enable forms authentication in SharePoint; we will discuss this topic in another post soon).
2-Using the same mechanism discussed above for the LoginForm control, add code to the login button's event handler (in both applications) to check the user and set the cookie (this cookie will belong to this domain) (complete code below).
3-After setting the cookie, redirect to another code page (which we will create as an authentication page) in the second application, sending a flag (a query string named username) that carries the username (you must of course encrypt this query string, then decrypt it in the redirected page) and another flag (BackUrl) that carries the URL of the default page of the first application.
4-The authentication page in the second application receives the query strings, creates another cookie from the username sent in the query string (this cookie has the same login information as the first cookie, but each cookie belongs to its own domain) and redirects to the URL in the BackUrl parameter that the login page also sent in the query string.
This figure describes it:
5-When this finishes, forms authentication in the first application checks that its cookie exists, is valid and belongs to the first domain, and forms authentication in the other application in the other domain checks the same information in the other cookie belonging to the other domain, so the user is logged in to both domains.
You can log in from both applications by using the same mechanism (custom login page, authentication page) in each application.
The Full Code For This Solution
    // _txtUserName is the ID of the text box that holds the user name
    // _txtPassword is the ID of the text box that holds the password
    // Check that the user exists and that the user name and password are correct
    if (Membership.ValidateUser(_txtUserName.Text, _txtPassword.Text)) {
        // Get the MembershipUser object
        MembershipUser user = Membership.GetUser(_txtUserName.Text);
        // Check that the user object was returned and the user is not locked out; you can add as many
        // checks as you need using MembershipUser properties such as MembershipUser.IsApproved
        if (user != null && !user.IsLockedOut) {
            // Set the cookie (it belongs to this application's domain)
            FormsAuthentication.SetAuthCookie(user.UserName, false);
            // Then redirect to the authentication page of the second application (step 3)
        } else {
            // Do something, such as displaying a message that this account is locked out
        }
    }
Authentication Page Code
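    string username = Convert.ToString(Request.QueryString["username"]);
    string backURL = Convert.ToString(Request.QueryString["BackURL"]);
    if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(backURL)) {
        FormsAuthentication.SetAuthCookie(username, false); // create this domain's cookie from the (decrypted) user name
        Response.Redirect(backURL); // return to the URL sent by the login page
    }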
Note: you must encrypt the query string in the login page, then decrypt it in the authentication page. I didn't include this part here to keep the code clear, so do it with your own encryption method!
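As an added example (not code from the original post), here is one way to protect the username and BackURL hand-off that the note above leaves to the reader. It signs the user name with HMAC-SHA256 and an expiry rather than encrypting it, so the authentication page can reject a forged or stale value and a redirect to an unexpected host. The SsoHandoff class, the 60-second lifetime, the key shared by both applications and the allowed-host list are all assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class SsoHandoff // added example: hypothetical helper, not code from the original post
{
    static readonly TimeSpan MaxAge = TimeSpan.FromSeconds(60); // assumed token lifetime
    // Token = base64(username|expiryTicks) + "." + base64(HMAC-SHA256 of the first part)
    public static string Create(string username, byte[] key, DateTime utcNow)
    {
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(username + "|" + utcNow.Add(MaxAge).Ticks));
        return payload + "." + Convert.ToBase64String(Sign(payload, key));
    }
    // True (with the user name) only if the signature matches and the token has not expired.
    public static bool TryValidate(string token, byte[] key, DateTime utcNow, out string username)
    {
        username = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        try
        {
            if (!SameBytes(Convert.FromBase64String(parts[1]), Sign(parts[0], key))) return false;
            string payload = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            int sep = payload.LastIndexOf('|');
            if (sep < 0 || utcNow.Ticks > long.Parse(payload.Substring(sep + 1))) return false;
            username = payload.Substring(0, sep);
            return true;
        }
        catch (FormatException) { return false; } // malformed base64 or expiry field
    }
    // BackURL must be an absolute http(s) URL on an expected host, or it becomes an open redirect.
    public static bool IsAllowedBackUrl(string backUrl, params string[] allowedHosts)
    {
        Uri uri;
        return Uri.TryCreate(backUrl, UriKind.Absolute, out uri)
            && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps)
            && Array.Exists(allowedHosts, h => string.Equals(h, uri.Host, StringComparison.OrdinalIgnoreCase));
    }
    static byte[] Sign(string payload, byte[] key)
    {
        using (var hmac = new HMACSHA256(key)) return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    static bool SameBytes(byte[] a, byte[] b) // running time does not depend on where the bytes differ
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In the login page, send Uri.EscapeDataString(SsoHandoff.Create(user.UserName, key, DateTime.UtcNow)) in place of the plain user name; in the authentication page, call FormsAuthentication.SetAuthCookie only when TryValidate succeeds and Response.Redirect only when IsAllowedBackUrl returns true. A token can be reused until it expires, so keep the lifetime short.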