2 years ago,
Your question has been submitted and is awaiting moderation.
I have a site with two applications. The first is DNN. In DNN, I have created a page with an IFrame and point it to the second app.
In the second app, I need to know the current user. I know that I can simple add the current user to the query string, and send that across. However, this is too easily spoofed. A hacker could just add a username to the url, and the SubApp would think that person is logged in.
I have searched and searched on this. The best I have found is: http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
I have tried this and it does work to share httpcontext.current.user.identity.name across two applications.
However, inside the IFrame, the identity does not get shared. In other words, I log into MainApp on one tab, then open a second tab, navigate directly to the SubApp (not in the IFrame) and it immediately shows the correct identity.
But when I view the SubApp from within the IFrame, then there is no identity shared.
So I am looking for a way to solve this. The app needs to be very secure, so I can't just pass it through the query string.