ASP.NET - How to pass session between two servers in asp.net ?

Asked By rajesh kumar on 16-Dec-11 06:49 AM

How to pass session between two servers in asp.net ?

Chintan Vaghela replied to rajesh kumar on 16-Dec-11 07:00 AM

Hello

Why do you want to share Sessions between applications? ASP.NET Session is not designed to do that.

Your proposed solution of using the same ASP.NET State Server does not work because your user will simply get 2 different session tokens, even if they use your 2 applications concurrently from the same machine, and same browser. You need to consider how Session works to understand why this is.

ASP.NET session state enables you to store and retrieve values for a user as the user navigates ASP.NET pages in a Web application. HTTP is a stateless protocol. This means that a Web server treats each HTTP request for a page as an independent request. The server retains no knowledge of variable values that were used during previous requests. ASP.NET session state identifies requests from the same browser during a limited time window as a session, and provides a way to persist variable values for the duration of that session.

ASP.NET Session is a metaphor for a user's current interaction with one ASP.NET application. It exists in ASP.NET to give us a place to store temporary state data between the various page requests that a user makes while using your application.

If your applications are very closely related, e.g. the user uses both at the same time, or almost the same time, you could consider merging them into a single ASP.NET application. You could deploy them into different Virtual Directories to maintain some degree of logical separation, but use only one Application in IIS.

If your applications are not that closely related, perhaps they should be sharing the same database as a means to exchange data, or using an API e.g. based on Web Services to exchange information.

Chintan Vaghela replied to rajesh kumar on 16-Dec-11 07:01 AM

Hello,

 

There are many ways to achieve Single Sign-On / Federated Identity. 

The solution given in this article from CodeProject might suit you best and help you achieving your goal...
http://www.codeproject.com/KB/web-security/PassThroughSecurity.aspx

Hope this is helpful !

Thanks

 

 

 

 

 

Chintan Vaghela replied to rajesh kumar on 16-Dec-11 07:02 AM

Hello,

 

if you want to just authenticate user between two application

 

you can do using creating form authentication ticket and identity on the fly

like you pass  userId in query string and on the calling application create authenticate ticket and identity.

yes application will have different session id but you will be able to login. 

 

Hope this is helpful !

Thanks

 

 

 

 

 

Chintan Vaghela replied to rajesh kumar on 16-Dec-11 07:08 AM

Hello,

 

This is related to the concept of sign-on (SSO).You can do it easily if you are using asp.net 2.0/3.5/4.0

Cookied Cross-Application Behavior
You can use diff applications to the cookieless sample to also show cross-application redirects in
the cookied case. Again using two sample applications (App1 A and AppB), both applications need to share a common
configuration:
<forms cookieless="UseCookies" enableCrossAppRedirects="true"
path="/cookiedAppA"/>
<machineKey
decryptionKey="A225194E99BCCB0F6B92BC9D82F12C2907BD07CF069BC8B4"
validationKey="6FA5B7DB89076816248243B8FD7336CCA360DAF8"
/>
To simulate isolation of the forms authentication cookies, each application explicitly sets the path attribute
as shown above.

Because this sample uses cookies, the path attribute prevents the browser from
sending the forms authentication cookie for one application over to the second application. Remember
that setting the path attribute only takes effect when using cookied modes (for example, setting the path
attribute would have no effect on the previous cookieless example). For now, we will use the same
redirection helper as we did earlier, and pages in both applications will issue a Response.Redirect to
get to the second application.
//First application button click
FormsAuthentication.RedirectFromLoginPage("testuser", false);
Response.Redirect("/cookielessAppB/default.aspx"); 

Hope this is helpful !

Thanks

 

 

 

 

 

Riley K replied to rajesh kumar on 16-Dec-11 07:17 AM


 inyour web.config file



<appSettings>
  <add key="ApplicationName" value="SharedWeb"/>
</appSettings>
 



http://www.asp101.com/articles/jayram/sharestate/default.asp
http://www.codeproject.com/KB/session/sharedsession.aspx


Regards
Jitendra Faye replied to rajesh kumar on 16-Dec-11 07:19 AM

you could implement a single-signon strategy for your applications.

http://aspalliance.com/1545_Understanding_Single_SignOn_in_ASPNET_20.all

http://blah.winsmarts.com/2006/05/19/aspnet-20-implementing-single-sign-on-sso-with-membership-api.aspx

http://johndyer.name/post/2005/12/Single-SignOn-with-ASPNET-Membership-and-WebServices.aspx

http://msdn.microsoft.com/en-us/library/ms972971.aspx

Suchit shah replied to rajesh kumar on 16-Dec-11 07:35 AM

From your description, I understand your purpose is to share session objects between several web applications that hosted on the same machine. If I have misunderstood your conern, please let me know.

For this requirement, there is already a solution that achieved by assigning the same “AppName” for all web applications by http module and in SQLServer sessionstate mode. For your reference, please check the link below for detail.

Sharing Session Across Applications
http://www.codeproject.com/KB/session/sharedsession.aspx

Suchit shah replied to rajesh kumar on 16-Dec-11 07:36 AM
You cannot share sessions between different ASP.NET applications without some custom code. What you did in web.config was to use an out of process sessions, which means that data will no longer reside into memory but into the memory of a dedicated machine. This is useful for server farms and it uses the ApplicationName to know which application the session belongs to. So basically your applications need to have the same name if you want them to share sessions. There are some dirty http://www.codeproject.com/KB/session/sharedsession.aspx though.

They will share session data if they are in the same app pool and the session mode is set to inproc. The way that stateserver and sqlstate work is they use the root of your web address as logical boundaries.

Eg if they are both hosted on the same address and port (or 'site' in iis) but in different sibfolders then they should share session I think.

http://www.codeproject.com/KB/session/sharedsession.aspx

kalpana aparnathi replied to rajesh kumar on 16-Dec-11 12:21 PM
hi,

For this requirement, there is already a solution that achieved by assigning the same “AppName” for all web applications by http module and in SQLServer sessionstate mode. For your reference, please check the link below for detail.

Sharing Session Across Applications

http://www.codeproject.com/KB/session/sharedsession.aspx