Passing session data between ASP.NET web applications
Asked Answered
H

2

8

I'm trying to help a friend - they have a pretty big web application (ASP.NET 4.0, Visual Basic) that has a number of subfolders that all act as quasi sub-applications (but they're just subfolders of the main application). This application will be split up into multiple independent web application because in its current form it's hard to maintain and develop any further.

The problem is that the current monolithic application uses a number of session variables for things like user information (after logon, etc.) I wonder if there's an easy way to share this information securely among the future multiple web applications (which will obviously have independent sessions). Session state is stored in SQL Server. The users of the current web application are all external users and not all users have access to all "sub-applications".

I'm looking for some advice about these two things:

1. I already did some searching and found single-sign-on - this seems to solve the problem of authentication across these applications but I'm unfamiliar with it and I don't understand how the authentication information is deleted if the "session" expires, since the different web applications will have different sessions. Is is possible to log out a user from all web applications once the session expires in one of them?

2. I suspect (but not sure) that there may be some other session data on top of the authentication information that may need to be shared after the split. What would be the best way to do this (again reliably and securely)?

I found this article about passing IDs (to database records that would hold the shared data) and wonder if it's good.

All advice would be appreciated.

PS: I found a number of threads here on SO about this but I don't believe any of them answer these specific questions. The most helpful I found was this one:

Sharing data between ASP.NET applications

Hydrotherapeutics answered 30/6, 2012 at 23:42 Comment(3)
All Applications are on same domain or different?Hyacinthe
I think they will all be on the same domain. Currently it's just a single application and I believe they plan the split on the same domain.Hydrotherapeutics
I am too looking for sharing the session ID between the application under same domain.Purapurblind
H
14

Eventually I found the solution to this problem and I'm leaving it here as reference to others:

StateServer uses a windows service (ASP.NET State Service) which handles the sessions in memory. This uses the MachineKey, AppDomainAppID as well as the SessionID to uniquely identify an application.

  • Set the same MachineKey in web.config to be the same for all applications under the site.
  • Add code in Global.asax Init() to set AppDomainAppID to be the same for all applications.
  • Implement ISessionIDManager and return custom Session ID to be re-used in the sub-applications.

The following links provided the information to the actual implementation I did:

Hydrotherapeutics answered 29/7, 2012 at 13:41 Comment(2)
Hi, will this solution work when I have one ASP.NET 4.5 website and other ASP.NET 5/MVC 6 website? I desperately need same session id to the new website I am adding. This will help me query a lot of details available in the database.Purapurblind
@Wayofhope I don't know the answer (I haven't used MVC 5/6) but I'd imagine this would work (although I may be wrong). I suggest you give it a try. If it does work, I'd appreciate if you left a comment here for future readers.Hydrotherapeutics
P
3

It is possible to share ASP.NET session between different applications. Obviously all of the applications sharing the same session state database would need to be on the same version of ASP.NET (of on a version where the session state databases are compatible). Also, all the sharing applications would need to stay coordinated on how information in session state is maintained. For example a session variable would need to maintain compatible information and meaning between the application.

Prussiate answered 30/6, 2012 at 23:50 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.