

Configuring Multiple Sites


A Passport Manager object installed on a given server can be given different defaults, behaviors, encryption keys, and Site IDs, such that a single object can be used for multiple sites being served from a single server computer. Each configuration can either share a common encryption key, or use a different encryption key for each site. If the keys are different, or if the cookie-write paths and domains are different, one site cannot read the other's Tickets and Profiles and new ones must be written into the current calling domain.

As an example, you might configure a server to serve two sites from the same computer: one resolves to www.myserver.com and the other resolves to www.alternatesite.com. The www.myserver.com configuration might use Site ID 1234 and the www.alternatesite.com configuration might use Site ID 4321. Each configuration could have different settings for time windows and other Passport Manager object defaults, and use different encryption keys. When a user requests pages from www.myserver.com, Passport Manager reads the request header, loads the appropriate configuration, uses that site's defaults in method calls, and encrypts and decrypts Tickets with the key that corresponds to Site ID 1234. When the same user requests pages from www.alternatesite.com, Passport Manager uses Site ID 4321 and potentially different defaults and keys. In this case, each site should probably maintain and install its own unique encryption key. Because the paths of these two different sites are different, they could not read each other's cookies even if the keys were the same.

As another example, you might configure www.myserver.com and purchase.myserver.com to exist on the same server. Both could use different Site IDs and configurations as in the previous example, but would probably wish to share the same encryption key. As long as the key is shared, and the cookie paths are set to the common path .myserver.com, the two sites could share Tickets and Profiles for the same connecting user and reauthorization would not be needed if the user moved from www.myserver.com to purchase.myserver.com. If two sites do share the same cookie-write path, it is essential that they also share keys; otherwise, one site overwrites the other site's cookies with unreadable data, and the entire point of sharing cookies between sites is defeated.
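The key-sharing rule above can be checked against a site inventory before keys are installed. The following is an added example, not Passport Manager code: the `SiteConfig` fields, the key labels, and Site ID 5678 are assumptions made for the illustration, and the check is slightly broader than the text, flagging any pair where one site's cookie domain reaches the other site's host while the keys differ.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class SiteConfig:
    name: str           # Web Site Name
    site_id: int        # Site ID
    host: str           # Host Name, optionally "hostname:port"
    cookie_domain: str  # domain the site writes Ticket/Profile cookies to
    key_label: str      # hypothetical label for the installed encryption key

def cookie_reaches(cookie_domain: str, host: str) -> bool:
    """True if a cookie written for cookie_domain is presented to host."""
    domain = cookie_domain.lstrip(".").lower()
    hostname = host.split(":")[0].lower()
    return hostname == domain or hostname.endswith("." + domain)

def audit(configs):
    """Return (site_a, site_b) pairs whose cookies overlap but whose keys differ."""
    findings = []
    for a, b in combinations(configs, 2):
        overlap = (cookie_reaches(a.cookie_domain, b.host)
                   or cookie_reaches(b.cookie_domain, a.host))
        if overlap and a.key_label != b.key_label:
            findings.append((a.name, b.name))
    return findings

# Constructed inventory based on the host names used in the examples above.
# Site ID 5678 and all key labels are made up for the illustration.
SITES = [
    SiteConfig("MyServer", 1234, "www.myserver.com", ".myserver.com", "key-A"),
    SiteConfig("Purchase", 5678, "purchase.myserver.com", ".myserver.com", "key-B"),
    SiteConfig("Alternate", 4321, "www.alternatesite.com", "www.alternatesite.com", "key-C"),
]

if __name__ == "__main__":
    for a, b in audit(SITES):
        print(f"{a} and {b} write cookies into an overlapping domain with different keys")
```

Here the first two sites are reported because both write to .myserver.com with different keys; giving them the same key clears the finding, while the third site is never flagged because its cookies do not reach the others.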

Multiple Site Configurations and the Passport Manager Administration Utility

This section contains instructions for multiple site configuration of Passport Manager using the Passport Manager Administration utility.

To create a new site configuration and enable multiple site use of Passport Manager

  1. Click the Start button, point to Programs, then to Microsoft Passport, and then click Passport Manager Administration Utility.

  2. Click the New button.

    The Add New Web Site dialog box appears.

  3. In the Web Site Name field, type a new "friendly name" for the site.

    The value given for Web Site Name should match the site name specified as the /s parameter if encryption keys designated for a particular site name have already been installed or will be installed. For information about the purpose of the /s parameter when installing keys, see Installing .NET Passport Encryption Keys.

    Tip  Avoid the use of names that contain spaces when specifying Web Site Name. If you do, you must enclose the string in quotes when specifying as the /s value, and you must encode the spaces out of the value if specifying it as vSiteName.

  4. In the Host Name field, type a host name and IP address.

    This value should be the server host name to which this particular Microsoft® .NET Passport-enabled site resolves. If the site uses a port other than 80, specify the port number along with the host name in a single string: hostname:port#.

  5. In the Host IP field, type an IP address.

    The IP address is the resolving IP address for the site.

  6. To enable the new site configuration, click Commit Changes.

Host Name Resolution

Both Host IP and Host Name are required fields in the configuration. However, only one of these values may actually be required for Passport Manager to resolve to a unique configuration, as long as there is no ambiguity. Each configuration needs a combination of Host IP and Host Name that uniquely identifies it. If only the host name is unique between two sites, and the IP address is the same, you may enter either the actual IP address or some false IP address or mask such as "255.255.255.0" for the Host IP field. Either way, Passport Manager will still differentiate between the configurations by host name. If no host name and no IP address in the request is determined to match an existing configuration, the <default> configuration as declared in the Passport Manager Administration utility is used.

When a server such as Microsoft Internet Information Services (IIS) receives incoming requests, it reads first the IP address and then the host name from the HTTP header. The host name is what is actually passed from the server to the Passport Manager object in headers and this determines which configuration loads. Actually setting up multiple sites on a single server requires creating the host names or IP addresses through the IIS Admin interface or the equivalent interface on a non-IIS server. In cases in which configurations exist both for different host names and different IPs, the IP address is checked first, and then all existing host names under that IP address are checked.
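The lookup order described in this section can be modelled to see which configuration, and therefore which key, a given request would load. This is an added example and a simplified model, not Passport Manager's own code: the `HostBinding` type, the function names, the site names, and the 192.0.2.x / 198.51.100.x addresses are assumptions, and the order of the two fallback steps is one reading of the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class HostBinding:
    name: str  # Web Site Name
    host: str  # Host Name, optionally "hostname:port"
    ip: str    # Host IP (may be a placeholder such as 255.255.255.0)

DEFAULT = "<default>"

def ambiguous(bindings):
    """Pairs of configurations whose (Host IP, Host Name) combination is not unique."""
    seen, dupes = {}, []
    for b in bindings:
        key = (b.ip, b.host.lower())
        if key in seen:
            dupes.append((seen[key], b.name))
        else:
            seen[key] = b.name
    return dupes

def resolve(bindings, local_ip, host_header):
    """Name of the configuration that would load for this request (model)."""
    host = host_header.lower()
    # 1. The IP address is checked first, then the host names under that IP.
    under_ip = [b for b in bindings if b.ip == local_ip]
    for b in under_ip:
        if b.host.lower() == host:
            return b.name
    # 2. Host name alone; covers configurations entered with a placeholder IP.
    by_host = [b for b in bindings if b.host.lower() == host]
    if len(by_host) == 1:
        return by_host[0].name
    # 3. IP alone, when it identifies exactly one configuration (assumed order).
    if len(under_ip) == 1:
        return under_ip[0].name
    # 4. Neither host name nor IP matched: the <default> configuration is used.
    return DEFAULT

# Constructed bindings; the second uses the placeholder Host IP from the text.
BINDINGS = [
    HostBinding("MyServer", "www.myserver.com", "192.0.2.10"),
    HostBinding("Alternate", "www.alternatesite.com", "255.255.255.0"),
]

if __name__ == "__main__":
    print(resolve(BINDINGS, "192.0.2.10", "www.alternatesite.com"))
    print(resolve(BINDINGS, "198.51.100.7", "unknown.example"))
```

Running `ambiguous` over the inventory before committing changes catches duplicate Host IP and Host Name combinations, and `resolve` shows which requests fall through to the `<default>` configuration.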

Editing Existing Configurations

After they have been created, site configurations can be edited by selecting the corresponding site name in the Web Site Name drop-down list box in the Passport Manager Administration utility. The fields refresh to show the corresponding configuration data. Remember to click Commit Changes when you finish your edits. If you shift between sites with unsaved changes, a dialog box appears, asking whether changes should be saved.

Key Installation

If you are installing keys on a server with multiple site configuration, make sure to use the /s command-line parameter when running the key installation program, to specify to which site configuration the keys are being installed. The /s parameter should match the value of the Web Site Name field for a configuration in the Passport Manager Administration utility if you are installing keys to an existing site configuration.

See Also

Passport Manager Administration Utility