We have 2 application, one is in Nodejs and the other in aspx.
The login page is in Nodejs. What I need is to create a session and authenticate my user in aspx application from the login page for later navigation in the aspx app.
Being a noob in web development, I have no clue where to start or what to search.
Thanks in advance
pre-authenticate user in aspx application
1k views Asked by Jeanseb At
1
There are 1 answers
Related Questions in ASP.NET
- Implementing Azure AD B2C Authentication in .NET 8 Blazor Project (RenderMode: InteractiveAuto)
- Azure Application Insights Not Displaying Custom Logs for Azure Functions with .NET 8
- IIS Rewrite Module exclude bots but allow GoogleBot
- Angular 16 sending null values to API
- I am the domain admin, newbie, how do I connect youtube.com on my domain?
- Dropdown list showing SQLServer2005SQLBrowserUser$DONSERVER instead of Active Directory group name in ASP.NET MVC C#
- ASP.NET Identity, Losing Ability to Login until Application Pool Recycles
- How to unprotect ASP.NET FormAuthentication cookie
- How does it work using ASP.NET FormAuthentication
- What is the purpose of a completely standalone 'this'?
- Is there a way to read .csproj PropertyGroup variable in c#
- MSBuild trying to copy different dll with similar name into project sporadically
- Minimizing IdentityServer4 Round Trips in Microservice Architecture with Ocelot
- Azure AD guest account in web app authentication user claims data
- Receiving 400 bad request on post when customer auth handler is used
Related Questions in NODE.JS
- Using Puppeteer to scrape a public API only when the data changes
- How to request administrator rights?
- How do I link two models in mongoose?
- Variable inside a Variable, not updating
- Unable to Post Form Data to MongoDB because of picturepath
- Connection terminated unexpectedly while performing multi row insert using pg-promise
- Processing multiple forms in nodejs and postgresql
- Node.js Server + Socket.IO + Android Mobile Applicatoin XHR Polling Error...?
- How to change the Font Weight of a SelectValue component in React when a SelectItem is selected?
- My unban and ban commands arent showing when i put the slash
- how to make read only file/directory in Mac writable
- How can I outsource worker processes within a for loop?
- Get remote MKV file metadata using nodejs
- Adding google-profanity-words to web page
- Products aren't displayed after fetching data from mysql db (node.js & express)
Related Questions in FORMSAUTHENTICATION
- FormsAuthentication Cookie Disappearing
- FormsAuthentication Cookie Not Saving
- Forms Authentication using jquery ajax
- jwt authentication in angular 4.0/webapi - null header when using http extender
- FormsAuthenticationTicket - userdata is empty on one App (CrossApp Form Auth)
- C# MVC 5 The ticket cookie is cleared when the form authentication signs out
- Can System.Web be used with ASP.Net Core with Full Framework
- Retrieving the Principal in a RESTful WebApi method
- Formsauthentication and owin facebook authentication side by side (web forms)
- Mono MVC5 User.Identity.IsAuthenticated returns false after login with FormsAuthentication.SetAuthCookie()
- Is it possible to update FormsAuthentication cookie value?
- ASP.NET MVC 5 Razor Forms Authentication LoginURL
- log out of asp.net site automatically when forms authentication has expired
- Renewing forms authentication ticket - strange timing
- ASP.net MVC3 with forms authentication and LDAP authentication
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
So there's several ways I can think of to do this, depending on your current intent for both applications and reasons for doing what you're doing. I'll try and list each here with some pro's and cons. I'll say again that none are what I'd consider easy for a new web developer; are there others on your team that have experience in one or both technologies?
1) Probably the simplest option, if you can do it is to have the Node.js process be the gateway. The ASP.NET application never needs to authenticate the users at all, the Node.js app acts as a full-on reverse proxy to the ASP.NET app. This works well if you can support it, and you can secure it by having the Node.js application login to the ASP.Net app (via whatever method you want; basic auth, forms login, whatever). If you need the ASP.Net app to be aware of what user is in the current context, then you can push whatever info you need into the request headers to do so (e.g. if they share the same database, you coudl put in the Id of the user that the node app has authenticated). If you wanted the ASP.NET app to be accessible on its own as well as via the node app, then the node app becomes one of many users and the asp.net app needs a HTTP Module to normalize whether the user info is coming from Session or from the Http headers. The easiest way to do this is to have the Http Module check that the current user is of a given role (e.g. NodeApp) and is logged in, and then it either copies the user information from the HttpContext into a new Session variable (that the rest of the app uses), or else looks up the proxied user in the DB and does the same. Basically, the rest of the app will never trust the HttpContext's current user for making decisions at that point.
Pro's: reasonably simple architecture, does not depend on what domain each app is on. Both apps need access to the user DB for it to work well.
Con's: If for some reason the apps can't have access to the same user db it isn't as good. There's some overhead for doing the proxy (not much, but still there). There's a bit of brain bending around whether you're talking about the 'real' user or the 'node' user that you have to keep straight.
2) OAuth (or alternatively OpenID) is the most standards-compliant option. In this case, you'd setup the Node.js app as an OAuth provider and have the ASP.NET app be an OAuth consumer. The user can then use their Node username and password to login, and have the Node app pass an auth token to the ASP.NET app via existing authentication modules.
Pro's: Less code to write on the ASP.NET side than the above example, standards compliant. you could switch out (or add) OAuth providers if you wanted to later
Con's: A bit more indirection for the user (redirects between the apps). This can probably be minimized, but you'll need to be very familiar with the OAuth protocols.
3) Session sharing (considered session hijacking if someone else is doing it to you. . . ). If you're on the same domain, then the Node.js app can simply write out the ASP.NET session and auth cookies like ASP.NET would. I say 'simply', but there's a lot of details of the ASP.NET machinery that you'll need to understand to do it right. http://support.microsoft.com/kb/910443 . The main bits are that you'd need to put your ASP.NET Session Store in a database, and then have Node.js manage the addition and removal of elements from there so that when ASP.NET goes looking at the session & auth cookies on a given request, it can find them in the place it expects to find them and then the ASP.NET process would find them there and act accordingly.
Pro's: Uses the ASP.NEt machinery that's already in place to some degree Con's: Probably pretty fragile, all things considered. Your node.js app would need access to the machineKey that the ASP.NEt app is going to use to decrypt the session contents. You'll need to make sure you're using the same encryption algorithm and both apps would be coupled to the same session store.
4) Roll your own membership provider in ASP.NET to issue a Forms Auth ticket to the Node app. This is somewhat similar to a blend of 1 and 3. In this option, the Node app, after authenticating the user, would send another request to a Login endpoint on the ASP.Net server, providing it credentials identifying itself however you want (e.g. a shared key that's been encrypted in some way). It could also provide any user details you want. You could then manually call the Forms Authentication api in your ASP.NET code to create a ticket for the end user (http://msdn.microsoft.com/en-us/library/system.web.security.formsauthenticationticket.aspx) i.e. no calculating it yourself; session store can be anywhere. The response to the Node.js app will include the ticket data in the auth cookie and so your Node.js app can pipe that data back to your user, so that the next time they make a request to the ASP.nEt app, they'll have a valid auth cookie generated by asp.net.
Pro's: More flexible than #3 and less user mungery than #1 from the ASP.NET perspective. Con's: Still requires both apps on the same domain, still requires a lot of integration between the two. If you screw up your Membership provider you could accidentally create a hole in your security.
Overall, I think the OAuth solution is the best one, but those are all the methods I can think of to do it.