Brendan Grant from the Microsoft Windows Home Server team has posted an excellent walk-through on configuring your custom WHS web application to leverage the existing WHS forms-based authentication provider.

Lets take a look at the web.config (c:\Inetpub\remote\web.config) from a Home Server sitting under my desk at work:

<?xml version="1.0"?>
        <machineKey validationKey="<key removed for length>"
   decryptionKey="<key removed for length>"
   validation="SHA1" decryption="AES" />
        <authentication mode="Forms">
            <forms name="RemotePortalAuth" loginUrl="logon.aspx" protection="All" path="/" timeout="12000" requireSSL="false"/>
            <deny users="?"/>
            <allow users="*"/>
        <httpRuntime maxRequestLength="2097151" executionTimeout="86400"/>
        <customErrors mode="On" defaultRedirect="error.aspx"/>
        <trace enabled="false" requestLimit="100" pageOutput="false" traceMode="SortByTime" localOnly="false"/>
        <sessionState mode="InProc" cookieless="false" timeout="20"/>
        <globalization requestEncoding="utf-8" responseEncoding="utf-8"/>

In order for our own web application to use the same authentication back end and cookie as the existing Windows Home Server Remote Access web page, we need to copy two sections of the above file to the web.config file being used by our own custom app, specifically the machineKey, and authentication key tags.

It’s always a good idea to give your users a consistent experience; leveraging the existing authentication model enables single sign-on between your application and the rest of the Remote Access infrastructure.

posted on Tuesday, March 10, 2009 4:48 PM | Filed Under [ Windows Home Server Development Microsoft ]


Site Sections

Recent Posts


Post Categories

WHS Add-In Tutorial

WHS Blogs

WHS Development