/ Web Dev Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Cross-Domain Cookie With Legacy Applications

DZone's Guide to

Cross-Domain Cookie With Legacy Applications

Writing modern web applications is easy, but what happens when you need to interface with a legacy application and cookies are required? Today, I explain the gotchas with cross-domain applications.

by
Jonathan Danylko
·
Apr. 28, 16 · Web Dev Zone
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Learn how to build modern digital experience apps with Crafter CMS. Download this eBook now. Brought to you in partnership with Crafter Software

Image title

Once you create your first ASP.NET MVC application, it's a great feeling.

You've created something out of nothing!

Creating a new application is easy.

However, integrating a brand new ASP.NET MVC website with a legacy website can be a challenge.

Our said challenge was an older WebForms application using ASP.NET 2.0 and we wanted (no, needed) to give the application a face lift, but it's not recommended that we rewrite the monolith. It would take years for this to be rewritten.

So how can we fix up this old and busted WebForms monolith?

Old and Busted...New Hotness (Scene from Men in Black II)

Branch by Abstraction

Martin Fowler mentioned a technique called Branch by Abstraction which seemed like a suitable way for us to proceed with this particular application.

The idea behind the technique is to move specific parts of the monolith over to the new hotness and slowly disconnect and dissolve the old feature in the monolith.

I understand one alternative is to use microservices to break apart the monolith, but this particular application presents a difficult way for us to decouple a large amount of untested, WebForm code.

Again, it's definitely a challenge.

Cross-Domain Headaches

As of this last week, I hit my head against the first problem.

The older WebForms application wasn't really an application, it was an ASP.NET WebSite. Not a web application.

Since we had this older WebForms website project, the team needed a way to cleanly add an ASP.NET MVC application.

The WebForms application uses the Microsoft Membership and requires a cookie passed across the application.

But, we're building a new ASP.NET MVC application and cookies don't travel across domains.

So, how do you pass those credentials from an MVC application over to the older application without adding any additional code to the older WebForms app?

The solution we came up with is to create the application on a subdomain so the cookie works across domains.

This solved the issue of our applications working together seamlessly.

Now... for the Gotchas

After implementing a subdomain for my local dev box, I was up and running.

I had the following domains working on my system for testing.

website1.localhost.com:888

website2.localhost.com:888

Fast-forward to Friday last week.

After a number of StackOverflow posts, here are the three things I learned over the week.

1. MachineKey

Make sure you have the machinekey element in your system.web section of your web.config.

 <machineKey validationKey="yourKeyHere" decryptionKey="yourOtherKeyHere" 
                validation="SHA1" compatibilityMode="Framework20SP2" />

The ValidationKey and DecryptionKey have to be the same in both of your applications' web.configs.

NOTE: The missing piece to make the cross-domain membership work with the older WebForms was the compatibilityMode attribute. Once that attribute was added, the cookie persisted across the domain.

2. Add the EnableCrossAppRedirects Attribute to Your Forms Element

In your system.web section, add an authentication element with forms.

 <system.web>
    <authentication mode="Forms">
      <forms loginUrl="yourloginurl" timeout="2880" 
             enableCrossAppRedirects="true" />
    </authentication>

One of the gotchas I experienced was the enableCrossAppRedirects=true (obviously).

If you don't have this attribute, it won't redirect properly.

3. Lastly, Add the Domain

The domain attribute is also a critical component.

 <forms loginUrl="yourLoginUrl"
             name=".MYFORMSAUTHNAME"
             timeout="30" cookieless="UseCookies"
             domain=".localhost.com"
             enableCrossAppRedirects="true" />

The leading period is required when using subdomains so the cookie can travel between the applications.

Conclusion

The amount of effort it took for this to be implemented was contingent upon typing in the right Google keywords to find the solution.

I wanted to post this particular story of using cross-domain cookies with legacy applications so no one has this same issue in the future.

After implementing everything described above, I can now log into an ASP.NET MVC and automatically go to the primary screen in the WebForms application.

UPDATE: I also want to thank the parties involved with this question on StackOverflow. This was one of those well-placed keyword searches in Google to find the right answer.

Was this a good way to enhance this application? Would it have been better to rewrite the whole WebForms application? Post your thoughts in the comments.

Crafter is a modern CMS platform for building modern websites and content-rich digital experiences. Download this eBook now. Brought to you in partnership with Crafter Software.

Like This Article? Read More From DZone

Why Target the Application Layer?
25 Percent of Web Apps Still Vulnerable to Eight of the OWASP Top Ten
Vulnerabilities in the News This Week

Free DZone Refcard

Getting Started With Java-Based CMS
DOWNLOAD
Topics:
cookies ,cross site scripting

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Jonathan Danylko, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Web Dev Partner Resources

7 Reasons Why Crafter Should Be On Your Web CMS Shortlist
A Guide to Modern Java Web Development with Crafter CMS
Create Data Driven Apps Faster by Eliminating Query Writing
How to Add Authentication to Your Angular Progressive Web Application (PWA)
The Node.js ecosystem has done an absolutely fantastic job in providing tools that help speed development workflows and streamline the process of writing and shipping code.
Building and Optimizing Multi-Channel Web Experiences
Learn How Qlik Tech Cracked Search
Tutorial: Develop a Mobile App With Ionic and Spring Boot
Getting Started with Node.js, Docker, and Kubernetes
Bootiful Development with Spring Boot and Angular
Qlik PlaygroundTM: A free coding environment to simplify data driven development

Web Dev Partner Resources

7 Reasons Why Crafter Should Be On Your Web CMS Shortlist
A Guide to Modern Java Web Development with Crafter CMS
Create Data Driven Apps Faster by Eliminating Query Writing
How to Add Authentication to Your Angular Progressive Web Application (PWA)
THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone