Windows Home Server Login
One of the major advantages Windows Home Server has over much of it’s competition (external hard drives, generic network attached storage devices, secondary PCs) is that it’s a full Windows Server under the hood and comes along with the ability to host almost any sort of web page or application you care to deploy to it, including those based on ASP.NET.
With your server hosting all of your content at, there exists the need to control access, something Windows Home Server does on it’s own through it’s remote access web site which uses the underlying Windows accounts. 3rd party developers can leverage Windows or Forms based authentication in their own web applications… however in doing so they are normally responsible for handling authentication… did you know developers you can use the same login page that already ships on Windows Home Server in their own applications?
Why so? The authentication system built in to ASP.NET can be used to offload some of the work of determining if a user is authenticated and what to do with them if they are not (amongst many other things)… these settings, like most other ASP.NET settings in the web.config file within a web application’s directory and when the correct sections of config are copied between applications, single sign-on is the result.
Lets take a look at the web.config (c:\Inetpub\remote\web.config) from a Home Server sitting under my desk at work:
In order for our own web application to use the same authentication back end and cookie as the existing Windows Home Server Remote Access web page, we need to copy two sections of the above file to the web.config file being used by our own custom app, specifically the machineKey, and authentication key tags.
The authentication key specifies not only what kind of authentication to use (forms), but what the name of the resulting authentication cookie will be (RemotePortalAuth) and where to send browsers who are not authenticated (login.aspx) while the machineKey defines the encryption keys to use
Before hitting save on my updated web.config file, I will need to tweak it slightly, changing the loginUrl property to point to the logon page that exists in a directory different than where the new web app is running:
What I described above is the manual process behind such a process, it would be the responsibility of an installer of a web site to open the existing web.config file, grab the needed bits and insert it into it’s own web.config, which given only involves a bit of xml can be a simple process.