Tag Archives: Asp.Net

Asp.Net MVC Code

How to enable CORS in Asp.Net

CORSĀ is a method of allowing calls from one domain to another that would otherwise be forbidden due to same origin policy. There are many ways to enable this to allow asp.net to respond to these types of request and the method below allows calls from any domain. This might not be right for every application but it’s a quick way to get started.

In the apps web.config add the following section:

        <add name="Access-Control-Allow-Origin" value="*" />

Share sessions between asp.net apps

From my StackOverFlow answer.

If you want to share sessions between different apps there are a few things you need to do.

First you’ll need to run the session state in SQL mode.
At this point I found out that the SQL session state takes the machine key and your _appDomainAppId to generate a key for your app to access it’s own session data. So we need to keep these the same between all your apps.

In the web configs of your apps you’ll need to use the same machine key. This can be any where inside the system.web tags E.G:

    <machineKey decryptionKey="EDCDA6DF458176504BBCC720A4E29348E252E652591179E2" validationKey="CC482ED6B5D3569819B3C8F07AC3FA855B2FED7F0130F55D8405597C796457A2F5162D35C69B61F257DB5EFE6BC4F6CEBDD23A4118C4519F55185CB5EB3DFE61"/>

Add an appSetting “ApplicationName” and give it name (this has to be the same for both apps)
You’ll then need to create a shared session module which will change the _appDomainAppId. The one below is what I use.

    namespace YourApp
  using System.Configuration;
  using System.Reflection;
  using System.Web;

  /// <summary>class used for sharing the session between app domains</summary>
  public class SharedSessionModule : IHttpModule
    #region IHttpModule Members
    /// <summary>
    /// Initializes a module and prepares it to handle requests.
    /// </summary>
    /// <param name="context">An <see cref="T:System.Web.HttpApplication"/>
    /// that provides access to the methods,
    /// properties, and events common to all application objects within an ASP.NET
    /// application</param>
    /// <created date="5/31/2008" by="Peter Femiani"/>
    public void Init(HttpApplication context)
      // Get the app name from config file...
      string appName = ConfigurationManager.AppSettings["ApplicationName"];
      if (!string.IsNullOrEmpty(appName))
        FieldInfo runtimeInfo = typeof(HttpRuntime).GetField("_theRuntime", BindingFlags.Static | BindingFlags.NonPublic);
        HttpRuntime theRuntime = (HttpRuntime)runtimeInfo.GetValue(null);
        FieldInfo appNameInfo = typeof(HttpRuntime).GetField("_appDomainAppId", BindingFlags.Instance | BindingFlags.NonPublic);
        appNameInfo.SetValue(theRuntime, appName);

    /// <summary>
    /// Disposes of the resources (other than memory) used by the module that
    /// implements <see cref="T:System.Web.IHttpModule"/>.
    /// </summary>
    /// <created date="5/31/2008" by="Peter Femiani"/>
    public void Dispose()

In the web config you’ll need to add this module:

      <add name="SharedSessionModule" type="YourApp.SharedSessionModule, YourApp, Version=, Culture=neutral" />

Final thing to do is to allow the session cookie to pass between domains…like so

  var session = HttpContext.Current.Session;
  var request = HttpContext.Current.Request;
  var cookie = request.Cookies["ASP.NET_SessionId"];
  if (cookie != null && session != null && session.SessionID != null)
    cookie.Value = session.SessionID;
    cookie.Domain = "yourappdomain.com";

    // the full stop prefix denotes all sub domains
    cookie.Path = "/"; // default session cookie path root

And that should do the trick.