Using Cross-Domain Form Authentication

Question

Using Cross-Domain Form Authentication

here is our problem .. We created an MVC Web-api that uses cookie authentication forms to handle sessions. When we use our front-end web page in the same domain (localhost or web-server) as web-api, everything works fine. (We use jQuery $ .get and $ .post to communicate with web-api).

Although the interface in the future should be a standalone html5 application, not located in the same domain as the web-api. Unfortunately this does not work.

The web-api returns authentication to the client, but the cookie does not return to the web-api when the external interface sends it. When both web api and front-end are in the same domain, a cookie is automatically sent with a request.

We tried the "Access Control-Allow-Origin: *" and "Access Control-Allow-Authentication: true" settings in the webconfig web-api file.

+6

asp.net-mvc asp.net-web-api cross-domain forms-authentication

Olle lind May 17 '12 at 8:55

source share

1 answer

Rajeesh · Accepted Answer · 2012-05-17T09:31:40+0000

You need single sign-on (SSO).

The browser will only use cookies in the same domain, so it did not work when applications are located in different domains.

CodeProject has a good article on SSO implementation in ASP.NET - http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic , which also applies to ASP.Net MVC.

Using Cross-Domain Form Authentication

More articles: