I found by creating 2 new websites in IIS 7 that single sign-on authentication does not work when launched in different application pools. When I move applications to one pool, I can log into one of them and log in to the other. When I change the application pool on one of them, I will not sign up for the second.
Are there any parameters that can be set in the machine.config file so that they can share the same cookie over application pools?
Ex. 1: proj1 (app pool.net 2)
proj2 (.net 2 application pool)
= Single Sign-on works, they use the same cookie.
Ex. 2: proj1 (app pool.net 2)
proj2 (.net 4 application pool, integrated / classic)
= Single sign-on does not work, they DO NOT use the same cookie.
Ex. 2: proj1 (pool.net 4 app, integrated / classic)
proj2 (.net 4 application pool, integrated / classic)
= Single Sign-on works, they use the same cookie.
Original post
Last update below
I have 2 projects, one of them is asp.net web forms and the other is mvc 3 project.
I followed this guide, see below, and I earned it on my computer. But when I upload it to the server, it no longer works. The differences that I can think of are: 1) on the server we are using SSL, 2) the webforms project uses .net 2, and the MVC project uses .net 4 (integrated mode) and 3) I use IIS 7 on the server and I use VS 2008/2010 to test it on my local computer.
asp.net MVC 3 (.net 4)
<forms name=".ASPXAUTH" loginUrl="~/Home/Login" timeout="30" enableCrossAppRedirects="true" domain=".mydomain.com" ticketCompatibilityMode="Framework20" />
Webforms (.net 2)
<forms name=".ASPXAUTH" loginUrl="Default.aspx" defaultUrl="Default.aspx" timeout="30" domain=".mydomain.com" enableCrossAppRedirects="true" />
The funny thing is that I loaded the test.aspx page for both the Mvc project (.net 4) and the webforms project (.net) and just displays the trace.
Both projects have the same sessionid and .ASPXAUTH. On my localhost, I can access ASPXAUTH in the mvc project, but I cannot access it on the server.
Projects run as subdomains, mvc.mydomain.com and webforms.mydomain.com.
Anyone have any ideas on how to solve this? I have full access to IIS 7.0.
(I also tried disabling SSL on the server, but I still get the same result)
Identity Sharing Guide: http://www.codeproject.com/KB/aspnet/SingleSignon.aspx
Update I also tried this: (webforms.net 2.0)
var ticket = new FormsAuthenticationTicket(1, "authtest", DateTime.Now, DateTime.Now.AddMinutes(30), false, login.Email); var enc = FormsAuthentication.Encrypt(ticket); var cookie = new HttpCookie("authcookie", enc) {Domain = ".mydomain.com"}; Response.Cookies.Add(cookie);
and in mvc 3 (.net 4)
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(HttpContext.Request.Cookies["authcookie"].Value); ViewBag.User = "User: " + ticket.Name;
This causes the following error: "The data length for decryption is invalid."
Updated 6th jul
It's funny When I add 2 new domains that work under .net 2, it works fine. But when I change the application pool to .net 4, it stops working. It looks like they are incompatible, or I could skip the parameter somewhere