aspnet2securityfaq0039



Question: How do I implement single sign on using forms authentication?

Answer:

If you need a single sign on to work across multiple applications located in separate virtual directories, you need to share a common authentication ticket which can be decrypted and integrity checked by every application.

For this you must manually generate validationKey and decryptionKey values and set them on the <machineKey> element in the machine-level Web.config file. Additionally, you must ensure that the name and path attributes of the <forms> element are the same for each application.

To generate the keys, use the RNGCryptoServiceProvider class, which produces cryptographically strong random numbers. The key must be a minimum of 40 hexadecimal characters (20 bytes) and a maximum of 256 hexadecimal characters (64 bytes) long.

		 using System;
		 using System.Text;
		 using System.Security;
		 using System.Security.Cryptography;
		 class App
		 {
		  static void Main(string[] argv) 
		  {
		    // Key length in hexadecimal characters; override with the first argument.
		    int len = 128;
		    if (argv.Length > 0)
		        len = int.Parse(argv[0]);
		    // Two hexadecimal characters encode one byte.
		    byte[] buff = new byte[len/2];
		    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
		    rng.GetBytes(buff);
		    // Hex-encode the random bytes for use in <machineKey>.
		    StringBuilder sb = new StringBuilder(len);
		    for (int i=0; i<buff.Length; i++)
		          sb.Append(string.Format("{0:X2}", buff[i]));
		    Console.WriteLine(sb);
		   }
		 }
	


Use the generated keys to configure the machineKey settings in your Web.config file as follows. Use separate keys for validationKey and decryptionKey.

		 <machineKey validationKey="Hsbfb636576sahfj\mfhhshnj234235"  
		            decryptionKey="shakh7857jkjjco985\fhhegf476343" 
		            validation="SHA1" decryption="Auto" />
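
A consistency check for the settings above, as an added example that is not part of the original FAQ: a Python script that compares the `<forms>` name/path and `<machineKey>` values of each application and flags keys that are not manually generated hex strings. It assumes every Web.config passed in carries the effective `<machineKey>` element and uses no XML namespace; the function names, application names and key values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

HEX_KEY = re.compile(r"^[0-9A-Fa-f]{40,}$")   # page: minimum of 40 hex characters
KEY_V = "0123456789ABCDEF" * 8                # constructed sample value, not a real key
KEY_D = "FEDCBA9876543210" * 4                # constructed sample value, not a real key

def sample(name, vkey, dkey):
    """Build a constructed Web.config document for the demonstration."""
    return ('<configuration><system.web>'
            f'<authentication mode="Forms"><forms name="{name}" path="/" /></authentication>'
            f'<machineKey validationKey="{vkey}" decryptionKey="{dkey}" validation="SHA1" />'
            '</system.web></configuration>')

def settings(xml_text):
    """Extract the attributes that must agree for the shared ticket to work."""
    root = ET.fromstring(xml_text)
    forms = root.find("system.web/authentication/forms")
    key = root.find("system.web/machineKey")
    forms = forms.attrib if forms is not None else {}
    key = key.attrib if key is not None else {}
    return {
        "forms name": forms.get("name", ".ASPXAUTH"),   # ASP.NET default cookie name
        "forms path": forms.get("path", "/"),           # ASP.NET default cookie path
        "validationKey": key.get("validationKey"),
        "decryptionKey": key.get("decryptionKey"),
    }

def audit(configs):
    """configs maps application name -> Web.config text; returns a list of findings."""
    parsed = {app: settings(text) for app, text in configs.items()}
    findings = []
    for field in ("forms name", "forms path", "validationKey", "decryptionKey"):
        if len({s[field] for s in parsed.values()}) > 1:
            findings.append(f"{field} differs between applications")
    for app, s in parsed.items():
        for field in ("validationKey", "decryptionKey"):
            if not HEX_KEY.match(s[field] or ""):
                findings.append(f"{app}: {field} is missing or not a manual hex key")
        if s["validationKey"] and s["validationKey"] == s["decryptionKey"]:
            findings.append(f"{app}: validationKey and decryptionKey are identical")
    return findings

if __name__ == "__main__":
    # app2 keeps an auto-generated key and a different cookie name, so SSO would fail.
    apps = {"app1": sample(".SSOAUTH", KEY_V, KEY_D),
            "app2": sample(".OTHER", "AutoGenerate,IsolateApps", KEY_D)}
    for finding in audit(apps):
        print(finding)
```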
	

More Information

For information about how to generate manual key values and MachineKey configuration, see “How To: Configure MachineKey in ASP.NET 2.0” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000007.asp

