Authentication Woes in 2 side by side websites

Authentication Woes in 2 side by side websites

Old forum URL: forums.lhotka.net/forums/t/10825.aspx


Jav posted on Friday, October 28, 2011

I have an ASP.Net 2.0, Csla 2.0 well established website using for authentication Membership DB with Csla.  I now have a Silverlight app on Asp.Net, Csla 4.2 which uses the login and authentication technique based on EBook 04-DataPortal-110504 - Authentication sample for Membership.

Individually both apps works great until we try to put the new SL app in use.  The newer app has to work beside the older ASP.Net 2.0 app; and the user has to have both Apps (separate websites) available at the same time.  The user also has to go from one app to the other.

Here is the problem: When the user leaves one app and does some work in the other, she get logged out of the previous app.  Same thing happens in reverse.  It looks like the identities in the two apps do not match.  I do not think the new authentication system will work in the older app, and I would just hate to dismantle what I now have in the SL app.  I am hoping there is some way to solve this pesky problem.

Both apps work off of the same set of databases.  They both use the same Membership DB.  I tried using separate Membership DBs but that did nothing.

Jav

RockfordLhotka replied on Saturday, October 29, 2011

ASP.NET uses cookies to track authentication at the browser<->web server level.

SL is completely unaware of any of that, and relies on the browser to do all the work. It uses whatever cookies the browser has for the host site.

The principal used in SL is a standalone client thing. It is created by your code that runs to the server to create the principal/identity. But it has nothing to do with the browser, cookies, or the ongoing server identity for the user. This is because SL runs in a sandbox and is completely unaware of those things.

Copyright (c) Marimer LLC