current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I have ASP.NET MVC website which is hosted in a child directory of other website which is protected with form login like below:

<domain>/parent          --asp.net 2.0, with login form (standard form auth)
<domain>/parent/mysite   --asp.net mvc 4.0
server: IIS 6

to enter the mysite website user should pass the login form of parent website. it is OK until we develop twilio application on mysite and need a public access of twiml on <domain>/parent/mysite/twilio/twiml. the /twilio is an area, /twiml is a controller.

i have tried the following configuration on the /mysite web.config but it doesn't work.

<location path="~/parent/mysite/twilio">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

Edit

i don't have control/access to change the code/configuration on parent website.

any idea how to get this working?

share|improve this question
add comment

1 Answer

up vote 0 down vote

The parent app has forms auth. therefore it creates an encrypted cookie for the client browser, if you could decrypt this cookie in your child app then the child app could check to see if access should be granted.

The above makes lots of assumptions mainly that you are doing standard Microsoft forms auth, and if you are lucky also using standard Microsoft membership providers.

To enable you to decrypt the cookie you must set the machineKey to be the same in both apps, This blog explains it.

I think you might have to upgrade your 2.0 app, but I don't know.

share|improve this answer
    
thank you for your response. yes i use standard microsoft forms auth. i have follow your provided link but still don't understand if it is fit mine. where should i put the code to check and grant access? because i think the login form is showing without touching the child code. no? –  bonjorno yesterday
    
I don't know asp.net 2.0 well enough, however for me with 4 MVC 4.0 child apps, I simply used the same membership database for each child app (web.config) DefaultProvider ...... and set each machineKey to be the same. I didn't have to write code. I think you will find it the same as you are using the MS membership provider. But I think you will have to update the 2.0 code to use 4.0 esp. for the membership provider. –  Old fart yesterday
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.