Detecting Login from external site
Is there a way from an external webapp (subdomain, but same domain...not SF based) to ask sitefinity if a user is logged in?
I tried just looking for like "HttpContext.Current.Request.Cookies["FedAuth"]" but it's just never there on the subdomain site, so that clearly won't work :)
Yep, cookies are per domain, not even per sub-domain :)
We do not have such feature for security reasons - we do not want someone to ping a site and start asking if users are logged in. You can do a small web service tough in the Sitefinity site pass parameters like user/e-mail and it should return true/false if the user is online. Or, the web service can just have..
IList<User> users= SecurityManager.GetLoggedInBackendUsers()
.. and you'll have all online users at once.
Yeah I already have a user service...hmm
Now if we implemented claims on the webapp...sitefinity could be the issuer and then the site would just "work" to know the logged in state?
...well...how the heck would I secure this?
A webreqest from the one site over to sitefinity has ClaimsManager returning IsAuthenticated false...?
EUGH...next meeting I'm gonna see if we can just move the pages into controls and host in sitefinity
Your scenario is very interesting. Our colleague, Svetla Yankova wrote two great articles about: Single Sign On Between Sitefinity and 3rd Party Applications:
I believe, these articles will be helpful.
Nope, won't work...well...too much work on an old app to convert it to claims is the problem
I fixed the underlying problem and just locked sitefinity back down on the webconfig...so we can't use thunder or SDA...