کانال نوحه و مداحی ناب

single sign-on (SSO) between ASP.NET Core app and ASP.NET Web Forms app

single sign-on (SSO) between your ASP.NET Core app and your legacy ASP.NET Web Forms app using a shared authentication token

Yes, you can achieve single sign-on (SSO) between your ASP.NET Core app and your legacy ASP.NET Web Forms app using a shared authentication token, typically a JWT (JSON Web Token) that the ASP.NET Core app issues and the Web Forms app verifies before issuing its own authentication cookie. Here's a high-level approach to make this work:

 

🛠️ Strategy Overview

  1. Authenticate in ASP.NET Core

    • Use ASP.NET Core Identity or any other authentication mechanism.

    • Generate a JWT token upon successful login.

  2. Pass the Token to Web Forms App

    • Hand the token to the Web Forms app: redirect with it in the query string, post it in a form body, or set it in a cookie (a cookie only works when both apps share a parent domain).

    • Example: https://webformsapp.com?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

    • A query-string token is written to server logs, browser history and the Referer header of any outbound link, so if you use one, keep its lifetime to seconds and make it single-use.

  3. Validate Token in Web Forms

    • In the Web Forms app, intercept the token (e.g., in Global.asax, an IHttpHandler, or a base page).

    • Use a JWT library (System.IdentityModel.Tokens.Jwt) to validate the signature, issuer, audience and lifetime. ValidateToken throws a SecurityTokenException on any failure, so treat the exception as a failed login rather than letting it surface as a 500.

    • If valid, issue the Web Forms app's own forms authentication cookie (FormsAuthentication.SetAuthCookie); a Session entry by itself does not authenticate the user to the rest of the app.

  4. Secure the Token Exchange

    • Use HTTPS end to end so the token is never sent in the clear.

    • Sign the JWT with a shared secret (HS256 with a key of at least 256 bits, kept in configuration rather than in source) or, better, with an asymmetric key (RS256/ES256) so the Web Forms app holds only the public key and cannot mint tokens itself. Pin the expected algorithm on the validating side.

    • Set a short expiration (a minute is plenty for one redirect), give each token a unique jti and reject any jti you have already accepted, so a leaked token cannot be replayed. IP or user-agent binding adds little on top of that and breaks for users behind proxies or on mobile networks.
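The issuing side of the four steps above, written out as an added example (this is not code from the original page): an ASP.NET Core action that mints a short-lived JWT for the already signed-in user and hands it to the Web Forms app. Names that are assumptions rather than anything the page gives are the configuration key Sso:SigningKey (a base64 key of at least 32 random bytes shared with the Web Forms app), the controller name, and the Web Forms accept URL https://webformsapp.com/sso/accept. One deliberate departure from step 2: the token is sent in a self-submitting POST form rather than the query string, which keeps it out of server logs, browser history and Referer headers.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Net;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

// Added example for the ASP.NET Core side of the handoff (not from the original page).
// Assumptions: the appsettings entry "Sso:SigningKey" holds a base64 key of at least 32 random
// bytes shared with the Web Forms app, and the Web Forms app accepts the token at /sso/accept.
[Authorize]
public class SsoHandoffController : Controller
{
    private const string WebFormsAcceptUrl = "https://webformsapp.com/sso/accept";
    private readonly IConfiguration _config;

    public SsoHandoffController(IConfiguration config) => _config = config;

    // GET /sso/handoff  (the user is already authenticated to the Core app at this point)
    [HttpGet("/sso/handoff")]
    public IActionResult Handoff()
    {
        var keyBytes = Convert.FromBase64String(_config["Sso:SigningKey"]);
        if (keyBytes.Length < 32)
            throw new InvalidOperationException("Sso:SigningKey must be at least 256 bits for HS256.");

        var credentials = new SigningCredentials(new SymmetricSecurityKey(keyBytes), SecurityAlgorithms.HmacSha256);
        var now = DateTime.UtcNow;

        // Minimal claims: subject id, a name that validates into Identity.Name, roles, and a
        // unique jti so the receiving side can enforce single use.
        var claims = new List<Claim>
        {
            new Claim(JwtRegisteredClaimNames.Sub, User.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? User.Identity.Name),
            new Claim(JwtRegisteredClaimNames.UniqueName, User.Identity.Name),
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
        };
        foreach (var role in User.FindAll(ClaimTypes.Role))
            claims.Add(new Claim("role", role.Value));

        var jwt = new JwtSecurityToken(
            issuer: "your-core-app",
            audience: "your-webforms-app",
            claims: claims,
            notBefore: now,
            expires: now.AddSeconds(60),   // only has to survive one redirect
            signingCredentials: credentials);
        var encoded = new JwtSecurityTokenHandler().WriteToken(jwt);

        // Deliver the token in a POST body via a self-submitting form instead of the query string,
        // so it stays out of server logs, browser history and Referer headers.
        Response.Headers["Cache-Control"] = "no-store";
        var html = "<!DOCTYPE html><html><body onload=\"document.forms[0].submit()\">"
                 + "<form method=\"post\" action=\"" + WebFormsAcceptUrl + "\">"
                 + "<input type=\"hidden\" name=\"token\" value=\"" + WebUtility.HtmlEncode(encoded) + "\">"
                 + "<noscript><button type=\"submit\">Continue</button></noscript>"
                 + "</form></body></html>";
        return Content(html, "text/html");
    }
}
```

On the receiving side, under the default inbound claim map of JwtSecurityTokenHandler the unique_name claim becomes principal.Identity.Name and role becomes ClaimTypes.Role, and the jti (validatedToken.Id) can be cached until validatedToken.ValidTo to reject a replayed token.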

 

🔐 Token Validation in Web Forms (Example)

csharp
using System;
using System.Configuration;
using System.IdentityModel.Tokens.Jwt;
using System.Web.Security;
using Microsoft.IdentityModel.Tokens;

// Runs in the page or handler that receives the handoff. Prefer the POST body: a query-string
// token also ends up in server logs, browser history and Referer headers.
var token = Request.Form["token"] ?? Request.QueryString["token"];
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
    ValidateIssuer = true,
    ValidIssuer = "your-core-app",
    ValidateAudience = true,
    ValidAudience = "your-webforms-app",
    ValidateLifetime = true,
    ClockSkew = TimeSpan.FromSeconds(30),                       // the 5-minute default is too generous for a handoff
    ValidateIssuerSigningKey = true,
    ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },  // pin the algorithm; never accept "none"
    // Shared key from configuration (base64, at least 256 bits); never a string literal in source
    IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(ConfigurationManager.AppSettings["SsoSigningKey"]))
};

try
{
    SecurityToken validatedToken;
    var principal = tokenHandler.ValidateToken(token, validationParameters, out validatedToken);

    // Issue the Web Forms app's own forms-auth cookie (forms authentication enabled in web.config)
    // rather than keeping the identity only in Session.
    FormsAuthentication.SetAuthCookie(principal.Identity.Name, false);
}
catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
{
    Response.StatusCode = 401;   // missing, malformed, expired, or wrong signature/issuer/audience
}


✅ Best Practices

  • Use the same domain or subdomains if possible so a cookie can be shared; sharing one authentication cookie between ASP.NET Core and ASP.NET 4.x additionally requires the Microsoft.Owin.Security.Interop package and a common data protection key ring.

  • Consider using OpenID Connect or OAuth2 if both apps can support it.

  • Store minimal user info in the token (e.g., user ID, roles).

  • Rotate signing keys periodically: give each key a kid header, and let the validating side accept both the current and the previous key (IssuerSigningKeys) during the rotation window.

 