ASP.NET Forms Authentication Across Applications Issue
This has been the bane of my existence for the better part of a week. I have four existing webforms applications that utilize forms authentication. The URL for each is mydomain/app1/, mydomain/app2/, etc. I have been tasked with creating a new application that will function as a single sign-on application with the URL mydomain/ssoapp. Once a user logs in, it basically compiles everything from the pre-existing apps that the user has access to, so our users don't have to go out and log into each of them separately. But the old applications need to function as they currently do. The important part of my web.config is as follows: <authentication mode="Forms" > <forms loginUrl="frmLogin.aspx?Type=login" name="sqlAuthCookie" protection="All" path="/" domain="mydomain" timeout="60" cookieless="UseCookies" enableCrossAppRedirects="true" /> </authentication> <machineKey validation="SHA1" decryption="AES" decryptionKey="mykey" validationKey="myvalkey"/> Simply adding this to the web.config for all of the applications worked like a charm....for three of them. In the SSO application I'm creating a formsauthenticationticket, cookie, and adding that to the response with the following code. Each of the four pre-existing applications uses this same code as well: Dim lTicket As New FormsAuthenticationTicket( _ 1, _ pstrUserId.ToString, _ System.DateTime.Now, _ System.DateTime.Now.AddMinutes(60), _ True, _ pstrUserId.ToString, _ FormsAuthentication.FormsCookiePath) ' Encrypt the ticket. Dim lencTicket As String = FormsAuthentication.Encrypt(lTicket) ' Create the cookie and add to response Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, lencTicket) cookie.Domain = ".mydomain.gov" pobjResponse.SetCookie(cookie) pobjResponse.Cookies.Add(cookie) 'Cleanup lencTicket = Nothing lTicket = Nothing In chrome debugger for the SSO application, I log in and the cookie is created with the correct information. I can click on my menu list, which uses a response.redirect to go out to the other applications. For the 3 working applications, I bypass the login screen, go directly to the form I need, and the cookie is unchanged For the problem child application, I can still see the cookie however I am redirected back to the login screen. If I login from this point, a new cookie is created, with the same name as the preexisting one, however the domain has the "www" prefix on it Other useful information (maybe): I've ensured that all machinekey, decryption key, validation method, etc match across applications My domain is in the format of sub1.mid1.gov . I've tried every combination of the format for this in the cookie assignment and web.config. Both with and without the preceding dot. I've removed httpRuntime from the web.config as some others had mentioned this causes issues. There are no errors in the IIS logs All applications are running under the same apppool currently Currently I'm contemplating taking some vacation time so I don't feel bad about crying in the corner on my employers dime. I'm sure it's something ridiculously simple, but I appreciate any help in the matter. Thanks!
Does output cache in ASP.net takes the fragment into consideration
Different output cache timeout for different usercontrols
asp.net: what's the page life cycle order of a control/page compared to a user contorl inside it?
Adding classic code behind asp.net page to asp.net mvc 3
Asp.Net difference between doPostBack & DoPostBackWithOptions
Visualize the traces written after or before a page cyclelife in asp.net
RAD Editor Dialogs Failing with UrlRewritingNet (Telerik KB Article: “Web.config registration missing!” not helpful)
How to apply stylesheet in our user control
how to collect json data in asp.net web page
How to resolve error while implementing DES encrypt/decrypt in asp.net?
URL link in SQL DIRECT
How to create an RSS feed in ASP.NET 3.5?
Using Web.Config Active Directory Connection String
Compiler Error Message: CS0433: The type 'MasterPage' exists in both 'c:\~\App_Web_ogmril5q.DLL' and 'c:\~\App_Web_ogmril5q.DLL'
how to insert data in to grid view using asp.net without database
In ASP.net Page life cycle on which state Controls is accessible?