I am trying to share forms auth from a root application to a sub application running in a virtual directory. I am having trouble with authentication in the subsite.
In the parent application everything works as expected.
I have the following setup:
Parent application:
- URL: http://localhost:1336/
<forms loginUrl="~/account/sign-in" protection="All" timeout="30" name=".MYAPPLICATION" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" defaultUrl="/" />
Virtual Directory:
- URL: http://localhost:1336/subsite
<forms loginUrl="/account/sign-in" protection="All" timeout="30" name=".MYAPPLICATION" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" defaultUrl="/" />
When I try to access http://localhost:1336/subsite I get the following flow:
- GET for http://localhost:1336/subsite -> 302 to /account/sign-in?ReturnUrl=%2fsubsite (looks ok)
- Enter User/password
- POST to http://localhost:1336/account/sign-in?ReturnUrl=%2fsubsite -> 302 /subsite (great, the auth looks like it's successful)
- GET for http://localhost:1336/subsite -> 302 to /account/sign-in?ReturnUrl=%2fsubsite (i.e. the subsite doesn't think it's authenticated)
Also, I can see the cookie in the list in my browser (so it's actually there).
What have I got wrong in my config that’s stopping my subsite from sharing the parent cookie?
I am running this on IIS Express.
Answers:
Method 1
In your web.config files, set a common machine key between the projects so that the 2 domains share validation and decryption keys.
Example:
<machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7" decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F" validation="SHA1" decryption="AES" />
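A check for the situation in this question, added here as an example (not code from the original post or its answers): it compares the settings both applications must agree on for a shared forms-auth cookie, and generates fresh random keys for a deployment rather than reusing values that have been published. The function names and sample configs are constructed; it assumes that the default machine key is auto-generated per application and that the child application inherits the parent's web.config.

```python
import secrets
import xml.etree.ElementTree as ET

# Settings both apps must agree on for one forms-auth cookie to work in both.
MUST_MATCH = {
    "forms": ("name", "path", "protection"),
    "machineKey": ("validationKey", "decryptionKey", "validation", "decryption"),
}
# Constructed sample configs modelled on the question (no <machineKey> set).
PARENT = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/account/sign-in" name=".MYAPPLICATION" path="/" protection="All" />
  </authentication>
</system.web></configuration>"""
SUBSITE = PARENT.replace("~/account", "/account")

def new_machine_key():
    """Return a <machineKey> element with fresh random keys for this deployment."""
    keys = secrets.token_hex(64).upper(), secrets.token_hex(32).upper()
    return ('<machineKey validationKey="%s" decryptionKey="%s" '
            'validation="SHA1" decryption="AES" />' % keys)

def with_key(config_xml, key_element):
    return config_xml.replace("<system.web>", "<system.web>" + key_element, 1)

def read_attrs(config_xml, tag):
    node = ET.fromstring(config_xml).find(".//" + tag)
    return None if node is None else {n: node.get(n) for n in MUST_MATCH[tag]}

def sharing_problems(parent_xml, child_xml):
    """List the reasons the child app would reject a cookie issued by the parent."""
    problems = []
    for tag, names in MUST_MATCH.items():
        parent = read_attrs(parent_xml, tag)
        child = read_attrs(child_xml, tag) or parent  # assumed: child inherits parent config
        if parent is None:  # assumed default: auto-generated, per-application keys
            problems.append("<%s> is not set explicitly in the parent" % tag)
            continue
        for n in names:
            if parent[n] != child[n]:
                problems.append("%s/@%s differs between the apps" % (tag, n))
            elif tag == "machineKey" and "AutoGenerate" in (parent[n] or ""):
                problems.append("machineKey/@%s is auto-generated" % n)
    return problems

if __name__ == "__main__":
    print(sharing_problems(PARENT, SUBSITE))
    print(sharing_problems(with_key(PARENT, new_machine_key()), SUBSITE))
```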
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.