Tuesday, August 18, 2009

ASP.Net - Single Sign On & Session Handling

Part 1 of this post can be read here.

Problem Statement
So single sign-on is up and running, and users can log in once and access all the sub domains. However, if you store any user data in session, remember that every time the user jumps to another sub domain the application reloads the session, which means your application performs the work attached to any session-based event every time the user changes domain. Depending on how much data you store and whether you make any DB calls, this can become a performance nightmare.

Another problem is that you can't share data across sub domains, such as a flag, because the session is initialized again every time the sub domain changes.

Solution
The simplest solution is to share the session across all sub domains. Here's what you need to do:

1. Create a custom session class by inheriting from System.Web.SessionState.SessionIDManager and System.Web.SessionState.ISessionIDManager, and implement the ISessionIDManager interface's methods. Here's the end result:

    using System.Web;
    using System.Web.Security;

    // Custom session ID manager: every method delegates to the built-in
    // SessionIDManager; only SaveSessionID adds behaviour (the cookie domain).
    public class MySession : System.Web.SessionState.SessionIDManager, System.Web.SessionState.ISessionIDManager
    {
        #region ISessionIDManager Members

        string System.Web.SessionState.ISessionIDManager.CreateSessionID(HttpContext context)
        {
            return base.CreateSessionID(context);
        }

        string System.Web.SessionState.ISessionIDManager.GetSessionID(HttpContext context)
        {
            return base.GetSessionID(context);
        }

        void System.Web.SessionState.ISessionIDManager.Initialize()
        {
            base.Initialize();
        }

        bool System.Web.SessionState.ISessionIDManager.InitializeRequest(HttpContext context, bool suppressAutoDetectRedirect, out bool supportSessionIDReissue)
        {
            return base.InitializeRequest(context, suppressAutoDetectRedirect, out supportSessionIDReissue);
        }

        void System.Web.SessionState.ISessionIDManager.RemoveSessionID(HttpContext context)
        {
            base.RemoveSessionID(context);
        }

        void System.Web.SessionState.ISessionIDManager.SaveSessionID(HttpContext context, string id, out bool redirected, out bool cookieAdded)
        {
            base.SaveSessionID(context, id, out redirected, out cookieAdded);

            // Scope the session cookie to the forms authentication cookie domain.
            // The name must match cookieName in web.config (step 2); indexing
            // Response.Cookies with any other name creates a new, empty cookie.
            if (cookieAdded)
            {
                context.Response.Cookies["MySessionCookie"].Domain = FormsAuthentication.CookieDomain;
            }
        }

        bool System.Web.SessionState.ISessionIDManager.Validate(string id)
        {
            return base.Validate(id);
        }

        #endregion
    }


2. Add the following to your web.config:

    <sessionState sessionIDManagerType="MySession" cookieName="MySessionCookie"></sessionState>

You are done! Now the user's session will be shared across all the sub domains (provided they are on the same server).
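Why setting the cookie's Domain in SaveSessionID above makes the session shared: a browser returns a cookie that has no Domain attribute only to the exact host that set it, while a cookie scoped to the parent domain is returned to every sub domain. The following is an added example, not code from the original post, that models the RFC 6265 storage and sending rules in JavaScript. The host names and the `.example.com` value standing in for FormsAuthentication.CookieDomain are constructed assumptions.

```javascript
// Added example: models RFC 6265 cookie scoping. All host names are constructed.
// Simplified: ignores Path, Secure, SameSite and public-suffix checks.

function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  if (isIpLiteral(host)) return false; // IP addresses only match exactly
  return host.endsWith("." + domain);  // suffix must start at a label boundary
}

// Section 5.3: what the browser stores when `setHost` sends Set-Cookie with
// the given Domain attribute (null = attribute absent).
function storeCookie(setHost, domainAttr) {
  if (!domainAttr) return { domain: setHost.toLowerCase(), hostOnly: true };
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  if (!domainMatch(setHost, domain)) return null; // foreign domain: cookie is rejected
  return { domain, hostOnly: false };
}

// Section 5.4: is the stored cookie attached to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Hosts (from a constructed list) that would receive the session cookie.
function recipients(setHost, domainAttr, hosts) {
  const cookie = storeCookie(setHost, domainAttr);
  return hosts.filter((h) => isSentTo(cookie, h));
}

const HOSTS = ["app1.example.com", "app2.example.com", "example.com",
               "badexample.com", "app1.example.net"];

// Session cookie without Domain: only the issuing host gets it back.
console.log(recipients("app1.example.com", null, HOSTS));
// Domain widened as in SaveSessionID: every host under example.com gets it.
console.log(recipients("app1.example.com", ".example.com", HOSTS));
// A Domain the issuing host does not belong to is rejected outright.
console.log(recipients("app1.example.com", ".example.net", HOSTS));
```

The second call shows the scope the shared session ID has once the domain is set: every host under the parent domain receives it, whether or not that host runs this application.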

3 comments:

  1. Hi

    How to use the custom session class in the application?

    Thanks & Regards,
    Santosh

    1. Hi Santosh,

      Did you get where we can add that Session class?

  2. This is a nice article..
    It's easy to understand ..
    And this article is using to learn something about it..

    c#, dot.net, php tutorial, Ms sql server

    Thanks a lot..!
    ri80
