Return to HomePage, ASPNET2SecurityFAQs
Question: How do I implement single sign on using forms authentication?
Answer:
If you need single sign on to work across multiple applications located in separate virtual directories, you need to share a common authentication ticket that can be decrypted and integrity-checked by every application. For this you must manually generate validationKey and decryptionKey values and set these values on the <machineKey> element in the machine-level Web.config file. Additionally, you must ensure that the name and path attributes in the <forms> element are the same for each application.
To generate cryptographically random keys, use the RNGCryptoServiceProvider class to generate a cryptographically strong random number. The key must be a minimum of 40 hexadecimal characters (20 bytes) and a maximum of 256 hexadecimal characters (64 bytes) long.
    using System;
    using System.Text;
    using System.Security.Cryptography;

    class App
    {
        // Usage: App [hexLength]  (default 128 hex characters = 64 bytes)
        static void Main(string[] argv)
        {
            int len = 128;
            if (argv.Length > 0)
                len = int.Parse(argv[0]);

            // Two hex characters per byte, so allocate half the requested length in bytes.
            byte[] buff = new byte[len / 2];
            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
            rng.GetBytes(buff);

            // Render the random bytes as an upper-case hexadecimal string.
            StringBuilder sb = new StringBuilder(len);
            for (int i = 0; i < buff.Length; i++)
                sb.Append(string.Format("{0:X2}", buff[i]));
            Console.WriteLine(sb);
        }
    }
Use the generated keys to configure the machineKey settings in your Web.config file as follows. Use separate keys for validationKey and decryptionKey.
    <machineKey validationKey="Hsbfb636576sahfj\mfhhshnj234235"
                decryptionKey="shakh7857jkjjco985\fhhegf476343"
                validation="SHA1" decryption="Auto" />
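The two steps above (generate two distinct keys, then place them on <machineKey>) are easy to get subtly wrong: a key pasted into the wrong attribute, a key that is not hexadecimal, or the same value reused for both. The following console program is an added example, not code from the original FAQ; it generates a separate validationKey and decryptionKey, checks each against the length rule the FAQ states (40 to 256 hex characters), refuses to emit the element when the two keys are identical, and prints the <machineKey> element that every participating application must carry. The byte counts chosen in Main (64 bytes for validation, 32 bytes for decryption) are assumptions within the FAQ's stated range, not values from the page.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not part of the original FAQ.
static class MachineKeyHelper
{
    // Length rule from the FAQ: 40..256 hexadecimal characters (20..64 bytes).
    const int MinHexChars = 40;
    const int MaxHexChars = 256;

    // Generate byteCount cryptographically strong random bytes as upper-case hex.
    public static string GenerateHexKey(int byteCount)
    {
        byte[] buff = new byte[byteCount];
        using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(buff);
        }
        StringBuilder sb = new StringBuilder(byteCount * 2);
        foreach (byte b in buff)
            sb.Append(b.ToString("X2"));
        return sb.ToString();
    }

    // True when the key is hex-only and within the FAQ's stated length range.
    // A pasted key with stray characters (such as a backslash) fails this check.
    public static bool IsWellFormedKey(string key)
    {
        if (key == null || key.Length < MinHexChars || key.Length > MaxHexChars)
            return false;
        foreach (char c in key)
        {
            bool isHex = (c >= '0' && c <= '9') ||
                         (c >= 'A' && c <= 'F') ||
                         (c >= 'a' && c <= 'f');
            if (!isHex)
                return false;
        }
        return true;
    }

    // Build the <machineKey> element. Throws when either key is malformed or
    // when both keys are the same value, since the FAQ requires separate keys.
    public static string BuildMachineKeyElement(string validationKey, string decryptionKey)
    {
        if (!IsWellFormedKey(validationKey))
            throw new ArgumentException("validationKey must be 40-256 hexadecimal characters");
        if (!IsWellFormedKey(decryptionKey))
            throw new ArgumentException("decryptionKey must be 40-256 hexadecimal characters");
        if (string.Equals(validationKey, decryptionKey, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("validationKey and decryptionKey must be different values");

        return "<machineKey validationKey=\"" + validationKey + "\"" + Environment.NewLine +
               "            decryptionKey=\"" + decryptionKey + "\"" + Environment.NewLine +
               "            validation=\"SHA1\" decryption=\"Auto\" />";
    }

    static void Main(string[] args)
    {
        // Assumed sizes: 64 bytes (128 hex chars) for validation, 32 bytes (64 hex chars) for decryption.
        string validationKey = GenerateHexKey(64);
        string decryptionKey = GenerateHexKey(32);
        Console.WriteLine(BuildMachineKeyElement(validationKey, decryptionKey));
    }
}
```

Run it once and paste the printed element, unchanged, into the Web.config of each application that must accept the shared ticket; the check in BuildMachineKeyElement exists so that a copy-and-paste error (truncated key, non-hex character, same key in both attributes) is caught before the configuration is deployed rather than discovered as a decryption failure at sign-on time.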
More Information
For information about how to generate manual key values and MachineKey configuration, see "How To: Configure MachineKey in ASP.NET 2.0" at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000007.asp