I have several applications and one of them is a central application that manages authentication, and where a LogOn page is imported from as an IFrame to the other applications.
When the userName and password are correct, I create a cookie named userInfo.
Now, in the current app, I want to check if the cookie of userInfo exists. I think I should check it exists in the browser (in client side).
It must be possible, so how can I do it ?
Thanks in advance.
Cookies cannot be shared cross domain. If your applications are not hosted on the same domain you have to forget about this. It won't work because browsers (for obvious security reasons) do not send cookies cross domain. There are other ways to implement cross domain single sign on (see the second part of my answer).
Now let's suppose that your applications are on the same domain and you have multiple applications spread over different sub-domains of the root domain:
and you want to share authentication between those sub domains. All you have to do is specify set the domain property in your web.config to the root domain:
<authentication mode="Forms">
<forms
loginUrl="https://login.foo.com"
requireSSL="true"
protection="All"
timeout="120"
domain="foo.com"
slidingExpiration="false"
name="sso" />
</authentication>
The same configuration should be applied to the web.config of all applications. And that's pretty much all you need to do. Once the user is authenticated on one of the sub domains he will automatically be authenticated on the others thanks to the fact that cookies can be shared cross sub domains.
If you want to achieve cross domain single sign on then you will have to take a different approach. You could use the same machine keys between the different applications to encrypt the authentication token. Here are the steps:
https://foo.com and is presented with a Logon screen because he is not authenticated on this domain yet.foo.com domain.Now the user needs to go to https://bar.com and be automatically authenticated on this domain. On some page on https://foo.com you could create a form containing the value of the authentication cookie to be posted:
<form action="https://bar.com" method="post">
<input type="hidden" name="token" value="PUT THE VALUE OF THE AUTHENTICATION COOKIE HERE" />
<button type="submit">Go to bar.com</button>
</form>
bar.com. The script that receives this form submission reads the authentication token value that was posted and uses the FormsAuthentication.Decrypt method to decrypt the authentication ticket and read the user name. Since both applications on foo.com and bar.com use the same machine keys, the ticket that was encrypted on foo.com will be successfully decrypted by bar.combar.com having extracted the authenticated username from the token, it emits a forms authentication cookie valid on bar.com using the FormsAuthentication.SetAuthCookie method.bar.comThe whole security of this model relies on the fact that SSL is used when POSTing the forms authentication token from foo.com to bar.com so the token cannot be captured by a man-in-the-middle and that both applications share the same machine keys for encrypting and decrypting those tokens.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 别忘想泡老子 的文章《How to check if a cookie exists even if it was cre》','https://www.manongdao.com/article-813788.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}