We have several ASP.NET applications deployed to a few servers. Is there a standard way to reuse session data or some other method to not require users to log in to the next application when moving from application to application if they’ve already authenticated? I’m hoping there’s a best practices way of doing this that you guys know about. I feel like there should be something easy that I’m missing.
Edit: To be be more clear, the main info in the session that I’d like to pass is the authenticated userid, but possibly some other session variables as well.
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
you could implement a single-signon strategy for your applications.
For the session check this: http://www.codeproject.com/KB/aspnet/Sharing_session_state.aspx
Complement with this so the cookie is shared: http://mgrzyb.blogspot.com/2007/12/aspnet-and-subdomains.html
It’s not clear from you question if you’re just concerned about logons, or if you really need to share session data between applications.
Assuming the latter, you could try something like this:
first, make sure all the appliations are running in the same domain. If not, all bets are off. I don’t know if there’s a simple way to configure the domain property of the session cookie yet, so you may have to do it yourself, by setting the cookie domain property to the domain:
Response.Cookies[“ASP.NET_SessionId”].Domain = “.mydomain.com”;
- you’ll need to make sure that each application is configured to use either a common state server, or a db-backed session.
Sharing a sign-on between applications (covered above) is quite a different ball game to sharing ASP.NET Sessions between applications.
Why do you want to share Sessions between applications?
ASP.NET Session is a metaphor for a user’s current interaction with one ASP.NET application. It exists in ASP.NET to give us a place to store temporary state data between the various page requests that a user makes while using your application.
If your applications are very closely related, e.g. the user uses both at the same time, or almost the same time, you could consider merging them into a single ASP.NET application.
If your applications are not that closely related, perhaps they should be sharing the same database as a means to exchange data, or using an API e.g. based on Web Services to exchange information.
Hope that helps.