asp.net Generic Handler isAuthenticated

Question

I got two website, domain1.com and domain2.com, on domain1.com I have a generichandler that will write a response which tells whether or not the user is authenticated using:

string json = "{\"status\":\"" + HttpContext.Current.User.Identity.IsAuthenticated + "\"}";
HttpContext.Response.Clear();
HttpContext.Response.ContentType = "application/jsonp"
HttpContext.Response.Write(json);

now if I view the generichandler using my browser everything works fine, if the user is logged in it will return "status":"true" otherwise "status":"false"

the problem starts when I send a request from domain2.com to this generichandler using $.get(), the result will always be "status":"false" regardless whether or not the user is logged in. Is this because there are some kind of cross domain violations? I really dont understand this, please help me, thank you.

score 1 · Accepted Answer · answered Jun 16 '13 at 04:27

1

When you use ASP.NET Forms Authentication a ASPXAUTH cookie is created for that domain.

Cookies are sent with each request so ASP.NET will look for the ASPXAUTH cookie (which doesn't exist in domain2.com) and determine that the user is not authenticated.

You might have to look into a cross domain SSO solution that fits your needs. Have a look here: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic

answered Jun 16 '13 at 04:27

Fahad

2,903
3
18
13

sorry for my late reply and thank you for your help, :-). It's funny you mentioned that article, I have already read it. – Mike Zhang Jun 17 '13 at 07:02

asp.net Generic Handler isAuthenticated

1 Answers1