Question

We are trying to use authentication between two applications on our PCs (Windows 7, IIS 7.5) and everything goes fine. But the problem is when we try to publish these sites (Windows Web Server 2008, IIS 7.0) the cross authentication didn't work!!

After long investigation we found that the error occurred in the following code, which is on the second site:

    Dim formsCookie As HttpCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
    If (formsCookie IsNot Nothing) Then
        ' cookie was sent with the request
    Else
        ' always null
    End If

We tried to check the paths like this in the code-behind:

    Dim ticket As New FormsAuthenticationTicket(1, smsProfile, DateTime.Now, _
                                                DateTime.Now.AddDays(1), True, AdminSessions.UserObj.Pid, _
                                                FormsAuthentication.FormsCookiePath)
    Dim hash As String = FormsAuthentication.Encrypt(ticket)
    Dim cookie As New HttpCookie(
        FormsAuthentication.FormsCookieName,
        hash)
    If (ticket.IsPersistent) Then
        cookie.Expires = ticket.Expiration
    End If
    Response.Cookies.Add(cookie)
    Response.Redirect(smsPortal)

In the web.config:

    <authentication mode="Forms">
        <forms name=".ASPXFORMSAUTH" enableCrossAppRedirects="true" domain="mydomain.com.jo" loginUrl="http://..." protection="All" path="/"/>
    </authentication>

Kindly advise us what the difference is between IIS on the local PC and on the server.

Thanks.

Solution

It is highly likely that the browser is not sending the authentication cookie from the first site to the second site. Check the cookie path and the domain. Both sites must be on the same domain, and the cookie path must be set to a common root.

See this link for more details: Cookie Domains and Paths

To aid in troubleshooting, use a utility such as Fiddler or Firebug to view the cookies being sent in the request, and verify that the authentication cookie set by site 1 (where the user logged in) is also being sent to site 2.

If the sites aren't on the same server, also check if they are using the same machineKey configuration.
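
The domain and path checks mentioned in the answer, written out as the matching rules a browser applies before attaching a cookie to a request (RFC 6265, sections 5.1.3 and 5.1.4). This is an added example, not part of the original post; the function names are hypothetical, and the host names under mydomain.com.jo and the /app1 path are constructed sample values.

```javascript
// RFC 6265 section 5.1.3: does the request host domain-match the cookie's Domain?
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (host === cookieDomain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");     // IPs never suffix-match
  return !isIp && host.endsWith("." + cookieDomain);
}

// RFC 6265 section 5.1.4: does the request path path-match the cookie's Path?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // "/app1" must not match "/app10": require a "/" boundary after the prefix.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// cookie: { domain: string|null, path: string, setByHost: string, secure: boolean }
// Returns null if the browser would send the cookie, otherwise the reason it is withheld.
function whyNotSent(cookie, url) {
  const u = new URL(url);
  if (cookie.domain === null) {
    // No Domain attribute: the cookie is host-only and goes back to the setting host alone.
    if (u.hostname !== cookie.setByHost.toLowerCase()) return "host-only cookie, different host";
  } else if (!domainMatch(u.hostname, cookie.domain)) {
    return "domain mismatch";
  }
  if (!pathMatch(u.pathname, cookie.path)) return "path mismatch";
  if (cookie.secure && u.protocol !== "https:") return "Secure cookie, non-HTTPS request";
  return null;
}

// Constructed sample: auth cookie set by site 1, request going to site 2.
const site1 = "site1.mydomain.com.jo";
const site2Url = "http://site2.mydomain.com.jo/portal/Default.aspx";
const samples = {
  shared:   { domain: "mydomain.com.jo", path: "/",     setByHost: site1, secure: false },
  hostOnly: { domain: null,              path: "/",     setByHost: site1, secure: false },
  subPath:  { domain: "mydomain.com.jo", path: "/app1", setByHost: site1, secure: false },
};
for (const [name, c] of Object.entries(samples)) {
  console.log(name, "->", whyNotSent(c, site2Url) ?? "sent");
}
```

Compare the result with the `Set-Cookie` header from site 1 and the `Cookie` header on the request to site 2 as captured in Fiddler or Firebug.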

Licensed under: CC-BY-SA with attribution