Forms Authentication Post From Remote URL

0
votes

Instead of going directly to my forms authentication login page: https://sub.domain.org/forms/Login/default.aspx?ReturnUrl=xyz
and manually entering the username/password:

I am wondering if it is possible to post to an asp.net forms authentication url from a separate page

Example File:
https://sub.domain.org/forms/tests/login.html

<html><head><title>Test Page...</title></head> 
   <body>Connecting... 
   <form name="login" method="post" action="https://sub.domain.org/forms/Login/default.aspx"> 
   <input type="hidden" name= "username" value="someusername"> 
   <input type="hidden " name="password" value="somepassword"> 
   </form><script language="JavaScript"> 
   document.login.submit(); 
   </script></body></html>

However, all this does is redirect to the login page. https://sub.domain.org/forms/Login/default.aspx
It doesn't seem to create the session cookie.

I am trying to implement something like this between a portal authentication and my webforms authentication. The portal has support for running some code like above.

Any help would be greatly appreciated.

UPDATE: Here is the web.config section for the forms authentication based login application: https://sub.domain.org/forms/Login/default.aspx

<system.web>
    <compilation debug="true" targetFramework="4.0" />

  <machineKey
    validationKey="3404677AC408C9E2EED87F8418FE2DD0D2AB8D0E824F5B53AC9133F7CC7152F4388E614C267D6DB04638CF6D1C19E55EB052FFD4273DEA04863829E1BFE9CDE4"
    decryptionKey="C9668F6C98502220633033B21818EE57D6F903FC48C2A94B5EC99B8BC1F3F411"
    validation="SHA1" decryption="AES" />

</system.web>

There is no web.config for the page that is posting to the login url. It is a simple html page: https://sub.domain.org/forms/tests/login.html as shown above.

1
asp.netpostloginforms-authenticationquery-string
So, this is not from a "Remote Url", it is from another page which has the login form and that this page is a different page from what is configured in the web.config for forms authentication?Valamas
It will ultimately be from a "Remote URL", I just kept it the same for simplicity of the question. The user will authenticate through a portal using their ldap credentials. The portal allows for running some code for SSO to external applications through "connectors". If they already authenticated through the portal I want to POST to the "forms authentication" page (all my apps outside the portal use) to create the session cookie without having them have to manually log in.Baxter

1 Answers

0
votes

I dig this up for you. http://petesbloggerama.blogspot.com.au/2006/10/cross-application-forms-authentication.html

It seems you need to add to for forms authent web.config

enableCrossAppRedirects="true"

You also need to put some authentication keys that must match between the applications.

Hopefully that will prevent your problem with redirection.