
Conflict in Form Authentication between two web sites

 

I faced a problem with authentication which looks like a conflict of user identity between two web sites.

Problem description: Two ASP.NET 2 web sites were deployed to the production environment and both use Forms Authentication. If a user accesses these sites from two tabs of an explorer window, as soon as he logs in to the second web site it resets the authentication on the first web site, i.e., it changes Request.IsAuthenticated to False and Me.Page.User.Identity.Name to blank in the first web site.

Both web sites set the following in web.config:

<authentication mode="Forms">

Each has a login page which authenticates the user with code such as:

  

Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As _
  System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate

  ' Demo check against a fixed user name and password
  If Login1.UserName = "U1" AndAlso Login1.Password = "PASS" Then
    ' Issue the forms authentication cookie (non-persistent) and redirect
    FormsAuthentication.RedirectFromLoginPage(Login1.UserName, False)
    e.Authenticated = True
  End If
End Sub

These websites individually work fine and Request.IsAuthenticated holds its value with no problem. The problem only occurs if the other website is accessed through a different tab of the same browser. I also tested that these websites work if they are installed on different servers.

I posted this problem to the Microsoft ASP.NET Forum, where I found the cause and the solution of the problem.

Solution:

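This problem occurs because no unique name is assigned in the authentication element. The authentication element should contain a forms subelement, and forms has a name attribute which should be unique for each website. When name is omitted it defaults to .ASPXFORMSAUTH, so both sites were issuing a cookie with the same name, and the second login overwrote the first site's cookie.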

Example:

<system.web>
  <authentication mode="Forms">
     <forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH"></forms>
  </authentication>
</system.web>

In my case the problem could be fixed by changing the Web.config as follows.

Website 1:

<authentication mode="Forms">
  <forms name="App1Cookie" loginUrl="login.aspx"
    defaultUrl="default.aspx" timeout="20"></forms>
</authentication>

Website 2:

<authentication mode="Forms">
  <forms name="App2Cookie" loginUrl="login.aspx"
    defaultUrl="default.aspx" timeout="20"></forms>
</authentication>
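
The following check is an added example, not part of the original post: it reads each site's web.config, works out the effective forms cookie name (the ASP.NET default when name is omitted) and reports sites on the same host that share it. The host name intranet.example, the site labels and the reduced sample configs are constructed for illustration, and the configs are assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

DEFAULT_NAME = ".ASPXFORMSAUTH"  # ASP.NET default when <forms name="..."> is omitted
DEFAULT_PATH = "/"               # ASP.NET default for <forms path="...">

def forms_cookie(web_config_xml):
    """Return (cookie name, cookie path), or None if the site is not in Forms mode."""
    root = ET.fromstring(web_config_xml)
    auth = root.find("./system.web/authentication")
    if auth is None or auth.get("mode", "").lower() != "forms":
        return None
    forms = auth.find("forms")
    attrs = forms.attrib if forms is not None else {}
    return attrs.get("name") or DEFAULT_NAME, attrs.get("path") or DEFAULT_PATH

def find_collisions(sites):
    """sites maps label -> (host, web.config text). Browsers scope cookies by host
    and path, not by port, so sites on one host with the same name and path share
    a single cookie. Overlapping but unequal paths are not analysed here."""
    groups = defaultdict(list)
    for label, (host, xml_text) in sites.items():
        cookie = forms_cookie(xml_text)
        if cookie:
            groups[(host.lower(),) + cookie].append(label)
    return sorted((h, n, sorted(labels))
                  for (h, n, _p), labels in groups.items() if len(labels) > 1)

def sample_config(forms_element=""):
    # Constructed sample web.config, reduced to the authentication section.
    return ("<configuration><system.web><authentication mode='Forms'>%s"
            "</authentication></system.web></configuration>" % forms_element)

# Constructed inventory: both sites served from the same (hypothetical) host.
BEFORE = {"site1": ("intranet.example", sample_config()),
          "site2": ("intranet.example", sample_config("<forms loginUrl='login.aspx'/>"))}
AFTER = {"site1": ("intranet.example",
                   sample_config("<forms name='App1Cookie' loginUrl='login.aspx'/>")),
         "site2": ("intranet.example",
                   sample_config("<forms name='App2Cookie' loginUrl='login.aspx'/>"))}

if __name__ == "__main__":
    print("before:", find_collisions(BEFORE))
    print("after: ", find_collisions(AFTER))
```
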

Reference: http://msdn.microsoft.com/en-us/library/xdt4thhy.aspx
