Pergunta
I have two applications "http:/localhost/applicationA" and "http:/localhost/applicationB". I have configured applicationA for claim based authentication settings. applicationA is working perfectly. But I am refering some javascrips of applicationB from applicationA. But applicationB has no the authentication cookies(FedAuth).
Is it possible for me to add claim authentication in both applicationA, applicationB using the below code?
https://stackoverflow.com/questions/17739147
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="http://localhost/applicationB/" />
<add value="http://localhost/applicationA/" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="PassiveSigninSTS">
<keys>
<add thumbprint="DE161DD37B2FEC37BDB17CAFF33D982DCE47E740" />
</keys>
<validIssuers>
<add name="PassiveSigninSTS" />
</validIssuers>
</authority>
</issuerNameRegistry>
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
</identityConfiguration>
Solução
You would need to enable claims authentication in applicationB for this to work. In other words, you would need to setup the same system.identityModel web.config settings in applicationB as in applicationA (as you've shown in your example).
Is there a reason that the JavaScript needs to be secured? If the scripts aren't secured, why not just make them accessible to everyone so you won't need to worry about the single sign-on across sites?
