
I am trying to get a single login for multiple projects.

All projects use the same DB and therefore the same login details.

I have got all the projects looking at the same login page, but when one logs in it doesn't automatically log in for the others, so if I then load up the second project it requires logging in again.

I'm also struggling to get the return Url to be correct.

Each project has this in the Web.Config:

    <authentication mode="Forms">
      <forms loginUrl="http://localhost:56131/User/Login" timeout="2880"/>
    </authentication>

The login controller looks like this:

    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        if (Request.UrlReferrer != null)
        {
            returnUrl = Server.UrlEncode(Request.UrlReferrer.AbsolutePath);
        }

        var model = new NewUserModel();
        TempData["ReturnUrl"] = returnUrl;
        return View(model);
    }

    [HttpPost]
    [AllowAnonymous]
    public ActionResult Login(UserModel model, string returnUrl)
    {
        SpoakEntities ctx = new SpoakEntities();

        if (ModelState.IsValid)
        {
            string Identity = model.UserName;
            string password = model.Password;

            try
            {
                var User = (from u in ctx.Users
                            where u.UserName == model.UserName
                            select u).SingleOrDefault();

                bool userValid = ctx.Users.Any(user => user.EmailAddress == Identity || user.UserName == Identity) && Crypto.VerifyHashedPassword(User.Password, password);
                //bool userValid = ctx.Users.Any(user => user.EmailAddress == Identity || user.UserName == Identity) && User.Password == password;

                //if (userValid && WebSecurity.Login(Identity, password))
                if (userValid)
                {
                    //TODO: Use ControllerContext to redirect to the correct place
                    FormsAuthentication.SetAuthCookie(User.Guid.ToString(), false);
                    var authTicket = new FormsAuthenticationTicket(1, User.Guid.ToString(), DateTime.Now, DateTime.Now.AddMinutes(200), true, User.Role.ToString());
                    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
                    var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                    HttpContext.Response.Cookies.Add(authCookie);

                    if (Url.IsLocalUrl(returnUrl))
                    {
                        return Redirect(returnUrl);
                    }
                    else
                    {
                        return RedirectToAction("Index", "Home");
                    }
                }
                else
                {
                    ModelState.AddModelError("", "The user name or password provided is incorrect.");
                    return View();
                }
            }

            catch (Exception ex)
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
                return View();
            }
        }

        return View(model);
    }

Anyone able to help?

Lex Eichner
  • You are looking for Single Sign On (SSO)? Take a look here: https://www.identityserver.com/ –  Apr 30 '17 at 10:23
  • Thanks for that. I am really just looking for my projects to recognise that a user has logged in using Forms Authentication. I could manually check using logic in the controller but I am sure there must be a way to do it using Forms Auth. – Lex Eichner May 01 '17 at 11:28
  • I assume all projects are on the same domain? This question contains information that can help you: http://stackoverflow.com/questions/2453677/single-sign-on-with-forms-authentication And especially the link in the question: https://www.codeproject.com/Articles/27576/Single-Sign-on-in-ASP-NET-and-Other-Platforms –  May 01 '17 at 17:03
  • You have one entry point for authentication and you always end up at the same login page. You use cookie based authentication. Why don't you test in login-get if user isn't already authenticated? I think the user should be authenticated, and if so you can redirect instead of showing the login view. –  May 02 '17 at 21:40

0 Answers
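
One way to implement the check suggested in the last comment, with return-URL validation that also accepts the sibling projects; this is an added example, not code from the original post. It assumes every project is configured with the same `<machineKey>` and forms cookie name so that each can decrypt the ticket, and `TrustedOrigins`, `IsTrustedReturnUrl` and port 50001 are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

public class UserController : Controller
{
    // Assumption: origins of the projects that share this login page.
    // Port 56131 is from the question's loginUrl; 50001 is a placeholder.
    private static readonly HashSet<string> TrustedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "http://localhost:56131",
            "http://localhost:50001"
        };

    // True only for absolute http(s) URLs whose scheme, host and port match
    // an allowlisted origin. Anything else is refused to avoid an open redirect.
    public static bool IsTrustedReturnUrl(string returnUrl)
    {
        Uri target;
        if (!Uri.TryCreate(returnUrl, UriKind.Absolute, out target))
            return false;
        if (target.Scheme != Uri.UriSchemeHttp && target.Scheme != Uri.UriSchemeHttps)
            return false;
        if (target.UserInfo.Length != 0)   // rejects http://trusted@other-host/
            return false;
        string origin = target.Scheme + "://" + target.Host + ":" + target.Port;
        return TrustedOrigins.Contains(origin);
    }

    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        // The shared cookie was already validated by this application,
        // so skip the form and send the user back where they came from.
        if (User.Identity.IsAuthenticated)
        {
            if (Url.IsLocalUrl(returnUrl) || IsTrustedReturnUrl(returnUrl))
                return Redirect(returnUrl);
            return RedirectToAction("Index", "Home");
        }

        ViewBag.ReturnUrl = returnUrl;   // carried to the POST action by the view
        return View();
    }
}
```

If a project restricts pages by role, an authenticated user without that role is sent back to this action, so that case needs its own response to avoid a redirect loop.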