How do I implement single sign on using forms authentication?
Answer:
If you need a single sign on to work across multiple applications located in separate virtual directories, you need to share a common authentication ticket which can be decrypted and integrity checked by every application.
For this you must manually generate validationKey and decryptionKey values and set these values on the <machineKey> element in the machine level Web.config file. Additionally you must ensure that the name and path attributes in the <forms> element are the same for each application.
To generate cryptographically random keys, use the RNGCryptoServiceProvider class to generate a cryptographically strong random number. The key must be a minimum of 40 hexadecimal characters (20 bytes) and a maximum of 256 hexadecimal characters (64 bytes) long.
using System;
using System.Text;
using System.Security;
using System.Security.Cryptography;

class App
{
    static void Main(string[] argv)
    {
        // Length of the key in hexadecimal characters; defaults to 128,
        // or takes the value passed as the first command-line argument.
        int len = 128;
        if (argv.Length > 0)
            len = int.Parse(argv[0]);

        // Two hex characters per byte, so allocate len/2 random bytes.
        byte[] buff = new byte[len/2];
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        rng.GetBytes(buff);

        // Hex-encode the random bytes into the key string.
        StringBuilder sb = new StringBuilder(len);
        for (int i=0; i<buff.Length; i++)
            sb.Append(string.Format("{0:X2}", buff[i]));
        Console.WriteLine(sb);
    }
}
Use the generated keys to configure machineKey settings in your Web.config file as follows. Use separate keys for validationKey and decryptionKey.
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
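An added example, not part of the original answer, of the Web.config fragment the answer refers to, showing the <machineKey> element together with the <forms> element whose name and path must match across applications. The key values are placeholders to be replaced with output from the generator above (run once for each key), and the cookie name ".SSOAUTH", the loginUrl and the timeout are assumptions for this example.

```xml
<configuration>
  <system.web>
    <!-- Must be identical in every application that shares the ticket.
         Both key values are placeholders: paste values produced by the
         generator above, using a different value for each attribute
         (e.g. 128 hex characters for validationKey, 64 for decryptionKey). -->
    <machineKey
      validationKey="REPLACE_WITH_128_HEX_CHARS_FROM_GENERATOR"
      decryptionKey="REPLACE_WITH_64_HEX_CHARS_FROM_GENERATOR"
      validation="SHA1"
      decryption="AES" />

    <authentication mode="Forms">
      <!-- name and path must be the same in every application, otherwise the
           browser issues a separate cookie per virtual directory and the
           ticket is not shared. protection="All" keeps the ticket both
           encrypted and integrity-checked. loginUrl and timeout are assumed. -->
      <forms name=".SSOAUTH"
             path="/"
             loginUrl="login.aspx"
             protection="All"
             timeout="30" />
    </authentication>
  </system.web>
</configuration>
```

Check that no application in the group still carries the default machineKey value "AutoGenerate,IsolateApps" (or explicit keys with an ",IsolateApps" suffix): IsolateApps derives a distinct key per application, so a ticket issued by one virtual directory would fail validation in the others even though the configured key strings look identical.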