AuthenticationForm - cookie cross site

Posted by bit on Stack Overflow
Published on 2012-09-03T18:52:18Z Indexed on 2012/09/03 21:38 UTC

I have 2 web sites: the first one is myFirst.domain.com and the second one is mySecondSite.domain.com.

They are on two different web servers, and my goal is to allow cross-site authentication (my real need is a shared authenticationForm cookie).

I've correctly set up the web config (machineKey node, forms node). The only difference is the loginUrl: on myFirstSite it is "~/login.aspx", whereas on mySecondSite it is "http://myFirstSite.com/login.aspx".

Note that I don't have a virtual directory; I just have 2 different web apps.

The problem: when I reach the myFirstSite login page from mySecondSite, I never get redirected from the login page; it seems as if the cookie isn't being written.

The following are a few snippets about the issue:

MyFirstSite:

    <machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES" />
    <authentication mode="Forms">
        <forms loginUrl="login.aspx" name="authCookie" enableCrossAppRedirects="true"></forms>
    </authentication>
    <authorization>
        <deny users="?" />
        <allow users="*"/>
    </authorization>

MyFirstSite code behind:

    FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1, "userName..", DateTime.Now, DateTime.Now.AddMinutes(30), true, "roles..");

    string ticket = FormsAuthentication.Encrypt(fat);

    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticket);
    authCookie.Expires = fat.Expiration;
    authCookie.Domain = "myDomain.com";
    Response.Cookies.Add(authCookie);

    // other stuff here about query string checking in order to execute the exact redirect; however, it doesn't work, I always return to the login page

MySecondSite:

    <machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES"/>
    <authentication mode="Forms">
        <forms loginUrl="http://myFirstSite.domain.com/login.aspx?queryStringToIndicateUrlPage" enableCrossAppRedirects="true"></forms>
    </authentication>
    <authorization>

Well, that's all. Unfortunately it doesn't work. Please don't pay attention to "queryStringToIndicateUrlPage"; it's only a simple workaround in order to know whether I must redirect to the same app or to the other one.
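
Added example, not part of the original post: a small check of two conditions a shared forms-authentication cookie depends on, run against the values exactly as posted (which may have been anonymized). The function names are hypothetical, the host names are taken from the second site's loginUrl, and the "aligned" values are constructed for comparison.

```javascript
// RFC 6265 section 5.1.3 domain-match (IP-address hosts are not handled here).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // a leading dot is ignored
  return h === d || h.endsWith("." + d);
}

// ASP.NET falls back to this cookie name when <forms> has no name attribute.
const DEFAULT_FORMS_COOKIE = ".ASPXAUTH";

// issuer: the site that writes the ticket; consumer: the site that must read it.
function checkSharedCookie(issuer, consumer) {
  const problems = [];
  // A browser discards a Set-Cookie whose Domain does not cover the issuing host.
  if (!domainMatches(issuer.host, issuer.cookieDomain)) {
    problems.push(`cookie rejected: ${issuer.host} is not within ${issuer.cookieDomain}`);
  }
  // A stored cookie is only sent to hosts that fall within its Domain.
  if (!domainMatches(consumer.host, issuer.cookieDomain)) {
    problems.push(`cookie not sent: ${consumer.host} is not within ${issuer.cookieDomain}`);
  }
  // Both applications must agree on the cookie name they write and look for.
  const issuedName = issuer.formsName || DEFAULT_FORMS_COOKIE;
  const expectedName = consumer.formsName || DEFAULT_FORMS_COOKIE;
  if (issuedName !== expectedName) {
    problems.push(`name mismatch: issued "${issuedName}", expected "${expectedName}"`);
  }
  return problems;
}

// Values as posted: Domain = "myDomain.com"; the second <forms> has no name attribute.
const asPosted = {
  issuer: { host: "myFirstSite.domain.com", cookieDomain: "myDomain.com", formsName: "authCookie" },
  consumer: { host: "mySecondSite.domain.com", formsName: null },
};

// Constructed comparison: Domain is the shared parent, same name on both sites.
const aligned = {
  issuer: { host: "myFirstSite.domain.com", cookieDomain: "domain.com", formsName: "authCookie" },
  consumer: { host: "mySecondSite.domain.com", formsName: "authCookie" },
};

console.log(checkSharedCookie(asPosted.issuer, asPosted.consumer));
console.log(checkSharedCookie(aligned.issuer, aligned.consumer));
```

Scoping the cookie to the parent domain sends the ticket to every host under that domain, so each of those hosts should be trusted to the same degree as the two applications sharing the machineKey.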
