In addition to what Kristijan said, the best approach for this type of scenario relies on the provider infrastructure: this post has more details.
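However, if your applications are running on different servers, or for any other reason, you might want to try passing encrypted credentials via URL. This approach has its security shortcomings (the values travel in the query string, so they can end up in browser history, proxy and server logs, and can be replayed while the token is still valid), but anyhow, here is some sample code.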
UrlParams are used in MonoX to achieve strong typing when working with query parameters:
//The UrlParams class needs the following parameters
/// <summary>
/// Strongly typed query-string parameters used by the cross-domain auto-login sample.
/// </summary>
public static class UrlParams
{
    // Query-string keys, kept together so both login pages agree on them.
    private const string TokenKey = "token";
    private const string AutoRegisterUserNameKey = "uid";
    private const string CreatePersistentCookieKey = "cpc";

    /// <summary>
    /// "token": the sending login page fills this with an encrypted timestamp (ticks),
    /// which the receiving page uses for its expiry check.
    /// </summary>
    public static readonly UrlParam<string> Token = new UrlParam<string>(TokenKey);

    /// <summary>
    /// "uid": the sending login page fills this with the encrypted user name.
    /// </summary>
    public static readonly UrlParam<string> AutoRegisterUserName = new UrlParam<string>(AutoRegisterUserNameKey);

    /// <summary>
    /// "cpc": whether the receiving page should issue a persistent authentication cookie.
    /// The sending page passes this value as-is, without encrypting it.
    /// </summary>
    public static readonly UrlParam<bool?> CreatePersistentCookie = new UrlParam<bool?>(CreatePersistentCookieKey);
}
Something like this would go to your login screen:
//Hook the LoggingIn event of the Login module
/// <summary>
/// Login page of the originating site. After a successful credential check it
/// sends the browser to the auto-login page of the other domain, carrying an
/// encrypted timestamp and the encrypted user name in the query string.
/// </summary>
public class Login : MonoSoftware.MonoX.Pages.Login
{
    /// <summary>
    /// Subscribes to the login control's LoggingIn event once the base page has initialised.
    /// </summary>
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        ctlLogin.LoggingIn += ctlLogin_LoggingIn;
    }

    /// <summary>
    /// Validates the submitted credentials and, when they are correct, registers a
    /// startup script that redirects the browser to the cross-domain auto-login URL.
    /// The regular login flow is cancelled in that case.
    /// </summary>
    private void ctlLogin_LoggingIn(object sender, System.Web.UI.WebControls.LoginCancelEventArgs e)
    {
        // Wrong credentials: do nothing here and let the login control carry on.
        if (!Membership.ValidateUser(ctlLogin.UserName, ctlLogin.Password))
        {
            return;
        }

        // The timestamp and the user name are encrypted independently of each other.
        // NOTE(review): nothing visible here binds the token to the user name or adds
        // an integrity check; confirm what DESExtension provides (by its name it is
        // presumably DES, which is no longer considered a strong cipher).
        // NOTE(review): DateTime.Now is local time, so both servers must share a time
        // zone and have synchronised clocks for the receiver's expiry check to work.
        string encryptedTimestamp = HttpUtility.UrlEncode(DESExtension.Encrypt(DateTime.Now.Ticks.ToString()));
        string encryptedUserName = HttpUtility.UrlEncode(DESExtension.Encrypt(ctlLogin.UserName));

        // NOTE(review): the URL is built with a plain http:// scheme, so the token and
        // the encrypted user name cross the network unprotected; prefer https.
        string targetUrl = String.Format(
            "http://{0}",
            CrossDomainAutoLoginPageUrlGoesHere
                .Append(UrlParams.Token, encryptedTimestamp)
                .Append(UrlParams.AutoRegisterUserName, encryptedUserName)
                .Append(UrlParams.CreatePersistentCookie, ctlLogin.RememberMeSet));

        // The URL is placed inside a single-quoted JavaScript string literal.
        string startupScript = String.Format(
            "$(document).ready(function() {{ $(location).attr('href','{0}'); }});",
            targetUrl);
        string scriptKey = String.Format(
            "{0}_redirectScript",
            MonoSoftware.MonoX.ApplicationSettings.ApplicationTitle);

        MonoSoftware.MonoX.Utilities.JavascriptUtility.RegisterStartupScript(
            this,
            this.GetType(),
            scriptKey,
            startupScript,
            true);

        // Stop the default login processing; the redirect script takes over.
        e.Cancel = true;
    }
}
And finally, the most important piece: the overridden MonoX login page, with the method below that checks the credentials and performs the login if everything is OK. Note that your request should have a short expiration time (5 seconds in this example) to prevent possible security problems.
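/// <summary>
/// Completes the cross-domain auto-login: when the request carries an encrypted
/// user name ("uid"), the accompanying token is decrypted and checked against a
/// 5 second validity window before the authentication cookie is issued.
/// </summary>
/// <param name="e">Event data passed on to the base page.</param>
/// <exception cref="SecurityException">
/// The token is missing, is not a valid timestamp, lies outside the validity
/// window, or the decrypted user name is empty.
/// </exception>
protected override void OnInit(EventArgs e)
{
    base.OnInit(e);

    // Ordinary request without auto-login parameters: nothing to do.
    if (!UrlParams.AutoRegisterUserName.HasValue)
    {
        return;
    }

    if (!UrlParams.Token.HasValue)
    {
        throw new SecurityException();
    }

    // A token that does not decrypt to a number is rejected as a security failure
    // instead of surfacing as a FormatException.
    // NOTE(review): confirm how DESExtension.Decrypt behaves on tampered input.
    long issuedTicks;
    if (!long.TryParse(DESExtension.Decrypt(UrlParams.Token.Value), out issuedTicks))
    {
        throw new SecurityException();
    }

    // Only accept values that can be a real timestamp; this also keeps the
    // subtraction below from overflowing.
    if (issuedTicks < DateTime.MinValue.Ticks || issuedTicks > DateTime.MaxValue.Ticks)
    {
        throw new SecurityException();
    }

    // The absolute value has to be taken of the DIFFERENCE. Taking it of the parsed
    // ticks alone leaves the difference negative for every token issued in the past,
    // so the expiry check would never reject an old token.
    // DateTime.Now matches what the issuing page uses; both servers therefore need
    // the same time zone and synchronised clocks (UtcNow on both sides avoids the
    // time-zone dependency).
    TimeSpan tokenAge = new TimeSpan(Math.Abs(issuedTicks - DateTime.Now.Ticks));

    //Token valid for 5 seconds
    if (tokenAge.TotalSeconds > 5)
    {
        throw new SecurityException();
    }

    string userName = DESExtension.Decrypt(UrlParams.AutoRegisterUserName.Value);
    if (String.IsNullOrEmpty(userName))
    {
        throw new SecurityException();
    }

    // NOTE(review): the token and the user name are encrypted separately, so nothing
    // here ties a token to the user it was issued for, and a token can be reused
    // until it expires. Consider encrypting both values together with an integrity
    // check and rejecting tokens that were already used.

    //Auto login
    FormsAuthentication.SetAuthCookie(userName, UrlParams.CreatePersistentCookie.Value.GetValueOrDefault());

    //Redirect to home page of the current domain (the one that the user has just been logged into)
    Response.Redirect("~");
}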