.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Routing users after authentication to different sites/applications preserving the security context?

Posted By:      Posted Date: April 14, 2011    Points: 0   Category :ASP.Net


We want to authenticate our users on our main site (default port 80, default.aspx, login page) and once a user successfully authenticated, we go grab a list of possible urls for that user and present it as links. Once the users clicks a link, we want to preserve the authentication context so that the app living on the chosen url does not have to re-authenticate the user.

Is something like that possible?

Is it recommended to do something like that?

Are there other ways to route users to their destination?


Thanks in advance, regards,


View Complete Post

More Related Resource Links

Forms based users being prompted for windows authentication login for My Sites photos in user lists

Here's an issue I didn't see coming for our forms based authentication users. 

We have a web application extended to an external url to handle forms based authentication for users outside of our domain. Our setup looks like this...

Internal Users/Windows Authentication - moss.domain.com
External Users/Forms Based - mossext.domain.com
My Site for Internal Users - mysites.domain.com

When our forms based users are accessing user lists, or discussion pages that display user pictures, they are getting a windows authentication login for our internal users (mysites.domain.com) who have populated their my site with personal photo.

How do we fix this? 

Creating Sites/Lists/List Items under Current User Context in SharePoint By Using SPUserToken

Usually we do this by performing the action under RunWithElevatedPrivileges method and updating the listitem using SPListItem.SystemUpdate() method (see here). but this approach has its own flaws like (RunWithElevatedPrivileges will run under system account, we cannot use SystemUpdate for SPSite,SPWeb,SPList, since it runs under system we will "CreatedBy" by as SystemAccount).

Routing in dynamic data applications


Im using ASP.Net 4. I tried to modified the code according to following video tutorial. http://www.asp.net/aspnet-in-net-35-sp1/videos/how-to-enable-table-specific-routing-in-dynamic-data-applications

But Product page directs only to ListDetails.aspx page.

This is my code :

<%@ Application Language="C#" %>
<%@ Import Namespace="System.ComponentModel.DataAnnotations" %>
<%@ Import Namespace="System.Web.Routing" %>
<%@ Import Namespace="System.Web.DynamicData" %>

<script RunAt="server">
    private static MetaModel s_defaultModel = new MetaModel();
    public static MetaModel DefaultModel {
        get {
            return s_defaultModel;

    public static void RegisterRoutes(RouteCollection routes) {

        DefaultModel.RegisterContext(typeof(NorthwindDataContext), new ContextConfiguration() { ScaffoldAllTables = true });


Intranet Users Challenged When Using Windows Integrated Security


We've setup an intranet site using Windows Integrated Security. Its up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't is possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is login to their machine like normal and then go from there.

Sharing authentication ticket between two applications


Hi all,

I have two web applications:

1. http://www.mysite.com - primary app running at the root of the web server

2. http://www.mysite.com/second_app - running in a virtual directory

At user authentication, I'm using FormsAuthenticationTicket to set up authentication cookies. Is it possible to share the same cookie for both the apps?

Any help would be much appreciated.

Many thanks!

Silverlight Security: Securing Your Silverlight Applications


Josh Twist explains the unique challenges developers face in securing Silverlight applications. He shows where to focus your efforts, concentrating on the key aspects of authentication and authorization.

Josh Twist

MSDN Magazine May 2010

Going Places: Enhancing Windows Touch Applications for Mobile Users


This article describes how to use the Windows Touch API and related APIs to enhance mobile application. The discussion focuses on general usability, object selection and implementing a natural user interface.

Gus Class

MSDN Magazine December 2009

Security: Safer Authentication with a One-Time Password Solution


One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.

Dan Griffin

MSDN Magazine May 2008

Security: Authenticate Users Across Organizations Using ADFS


Jack Couch looks at how to set up ADFS and when to use it; he then shows how to connect to an outside organization to offer single sign-on.

Jack Couch

MSDN Magazine December 2007

Add-In Power: Let Users Customize Your Apps With Visual Studio Tools For Applications


If you're looking to increase the usefulness of your applications by making them customizable, you'll want to read about these three technologies available from Microsoft.

Paul Stubbs

MSDN Magazine August 2006

Attack Surface: Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users


In this article, Microsoft security expert Michael Howard discusses the cardinal rules of attack surface reduction. His rules - reduce the amount of code executing by default, reduce the volume of code that is accessible to untrusted users by default, and limit the damage if the code is exploited - are explained along with the techniques to apply the rules to your code.

Michael Howard

MSDN Magazine November 2004

Plug-Ins: Let Users Add Functionality to Your .NET Applications with Macros and Plug-Ins


Most user applications benefit from the ability to be extended by other developers. It's often easier and more efficient to extend an existing application that users are already familiar with and trained on than it is to develop one from scratch. Thus, extensibility makes your application more attractive. You can build extensibility into your application by supporting features like plug-ins or macros. This is easily accomplished using the .NET Framework even if the core application isn't a .NET Framework app. In this article, the author describes extensibility features of the .NET Framework including late binding and reflection and how to use them, along with plug-in security considerations.

Jason Clark

MSDN Magazine October 2003

Passport Secure Sign-In: Provide Your Users with Secure Authentication Capabilities Using Microsoft


Secure sign-in, a new feature in version 2.0 of the .NET Passport single sign-in and profile service, is a functionality that will be especially useful for sites containing confidential information or anywhere security is a primary concern. Such sites include banks, medical sites, and so on. Secure sign-in is as safe as any SSL-based Web site login used today and provides a way to virtually eliminate vulnerability to replay and dictionary attacks.This article explains secure sign-in and demonstrates how you can implement this feature with very little effort in either ASP using the Passport.Manager COM object or in ASP.NET using the .NET class PassportIdentity.

Michael Kogotkov-Lisin

MSDN Magazine September 2002

ASP.NET Security: An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and


Forms authentication is one of the most compelling and useful new features of ASP.NET. It enables developers to declaratively specify which files on their site can be accessed and by whom, and allows identification of a login page. When an unauthenticated user attempts to retrieve a page protected by forms authentication, ASP.NET automatically redirects them to the login page and asks them to identify themselves. Included here is an overview of forms authentication and what you need to know to put it to work. Also included is hard-to-find information on the security of cookie authentication and on combining forms authentication with role-based URL authorizations.

Jeff Prosise

MSDN Magazine May 2002

ASP.NET Security: An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and


ASP.NET and Microsoft Internet Information Services (IIS) work together to make building secure Web sites a breeze. But to do it right, you have to know how the two interrelate and what options they provide for securing access to a Web site's resources. This article, the first in a two-part series, explains the ABCs of Web security as seen through the eyes of ASP.NET and includes a hands-on tutorial demonstrating Windows authentication and ACL authorizations. A range of security measures and authentication methods are discussed, including basic authentication, digest authentication, and role-based security.

Jeff Prosise

MSDN Magazine April 2002

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend