DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Cross-Domain Cookie With Legacy Applications

Writing modern web applications is easy, but what happens when you need to interface with a legacy application and cookies are required? Today, I explain the gotchas with cross-domain applications.

Jonathan Danylko user avatar by
Jonathan Danylko
·
Apr. 28, 16 · Tutorial
Like (3)
Save
Tweet
Share
4.69K Views

Join the DZone community and get the full member experience.

Join For Free

image title

once you create your first asp.net mvc application, it's a great feeling.

you've created something out of nothing!

creating a new application is easy.

however, integrating a brand new asp.net mvc website with a legacy website can be a challenge.

our said challenge was an older webforms application using asp.net 2.0 and we wanted (no, needed) to give the application a face lift, but it's not recommended that we rewrite the monolith. it would take years for this to be rewritten.

so how can we fix up this old and busted webforms monolith?

old and busted...new hotness (scene from men in black ii)

branch by abstraction

martin fowler mentioned a technique called branch by abstraction which seemed like a suitable way for us to proceed with this particular application.

the idea behind the technique is to move specific parts of the monolith over to the new hotness and slowly disconnect and dissolve the old feature in the monolith.

i understand one alternative is to use microservices to break apart the monolith, but this particular application presents a difficult way for us to decouple a large amount of untested, webform code.

again, it's definitely a challenge.

cross-domain headaches

as of this last week, i hit my head against the first problem.

the older webforms application wasn't really an application, it was an asp.net website. not a web application.

since we had this older webforms website project, the team needed a way to cleanly add an asp.net mvc application.

the webforms application uses the microsoft membership and requires a cookie passed across the application.

but, we're building a new asp.net mvc application and cookies don't travel across domains.

so, how do you pass those credentials from an mvc application over to the older application without adding any additional code to the older webforms app?

the solution we came up with is to create the application on a subdomain so the cookie works across domains.

this solved the issue of our applications working together seamlessly.

now... for the gotchas

after implementing a subdomain for my local dev box , i was up and running.

i had the following domains working on my system for testing.

website1.localhost.com:888

website2.localhost.com:888

fast-forward to friday last week.

after a number of stackoverflow posts, here are the three things i learned over the week.

1. machinekey

make sure you have the machinekey element in your system.web section of your web.config.

 <machinekey validationkey="yourkeyhere" decryptionkey="yourotherkeyhere" 
                validation="sha1" compatibilitymode="framework20sp2" />

the validationkey and decryptionkey have to be the same in both of your applications' web.configs.

note: the missing piece to make the cross-domain membership work with the older webforms was the compatibilitymode attribute. once that attribute was added, the cookie persisted across the domain.

2. add the enablecrossappredirects attribute to your forms element

in your system.web section, add an authentication element with forms.

 <system.web>
    <authentication mode="forms">
      <forms loginurl="yourloginurl" timeout="2880" 
             enablecrossappredirects="true" />
    </authentication>

one of the gotchas i experienced was the enablecrossappredirects=true (obviously).

if you don't have this attribute, it won't redirect properly.

3. lastly, add the domain

the domain attribute is also a critical component.

 <forms loginurl="yourloginurl"
             name=".myformsauthname"
             timeout="30" cookieless="usecookies"
             domain=".localhost.com"
             enablecrossappredirects="true" />

the leading period is required when using subdomains so the cookie can travel between the applications.

conclusion

the amount of effort it took for this to be implemented was contingent upon typing in the right google keywords to find the solution.

i wanted to post this particular story of using cross-domain cookies with legacy applications so no one has this same issue in the future.

after implementing everything described above, i can now log into an asp.net mvc and automatically go to the primary screen in the webforms application.

update: i also want to thank the parties involved with this question on stackoverflow . this was one of those well-placed keyword searches in google to find the right answer.

was this a good way to enhance this application? would it have been better to rewrite the whole webforms application? post your thoughts in the comments.

application ASP.NET MVC

Published at DZone with permission of Jonathan Danylko, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • How To Generate Code Coverage Report Using JaCoCo-Maven Plugin
  • Kubernetes vs Docker: Differences Explained
  • Apache Kafka vs. Memphis.dev
  • The Real Democratization of AI, and Why It Has to Be Closely Monitored

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: