I am trying to implement a SSO between an main IIS 7 site (local.mysite.com) and a VirtualDirectory beneath it (local.mysite.com/vdir).
I've setup both web.configs to use the same MachineKey settings and Authentication section:
<authentication mode="Forms">
<forms name="myCookie" loginUrl="login.aspx" protection="All" path="/" enableCrossAppRedirects="true" domain=".mysite.com"/>
</authentication>
<machineKey validationKey="123" decryptionKey="456" validation="SHA1" decryption="AES"/>
I currently have the login working in the main site. I'm creating my own auth cookie using code similar to:
var ticket = new FormsAuthenticationTicket(1, state.Email, DateTime.Now, expiresDate, true, state.ToString());
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) { Domain = FormsAuthentication.CookieDomain };
response.Cookies.Add(cookie);
However, whenever I hit the Virtual Directory after logging in the user is not authenticated. Using FireBug I can see that the cookie is sent in the request but I cannot access it in code behind. However if I remove the entry from the VirtualDirectories web.config I can see the "myCookie" cookie in the Requests cookie collection.
I can't figure out why this would be, can anyone shed some light on it? I'm not too familiar with working with VirtualDirectories in IIS so could be something I am missing.