Consider this scenario: you have 2 or more ASP.NET websites which use the same SQL database for their “forms” type of authentication. In the real life example I am referring to all these websites are hosted under different sub-domains e.g. www.company.com.au, sales.company.com.au etc. Normally users are asked to provide their login credentials (effectively the same login credentials as this is the same ASP.NET membership database) on both websites.

This is fine in regular situations, however it would be nice to ask the user to login just once and transparently use the same authentication cookie again and again (if it is not yet expired). There might be cases however when this is a requirement, for example when a user logged in to www.company.com.au should be redirected to sales.company.com.au.

Apparently there is an easy solution Microsoft provides for this purpose (I wish I learned about it some years back!). All you need to do is to make sure that the following criteria are met:

  1. In forms tag the name attribute should be the same across all your websites and path attribute set to “/”
  2. In machineKey tag encryption keys should be the same across all your websites
  3. The tricky point: in your forms tag explicitly specify domain name for your authentication cookie, like domain=”.company.com.au”

The points above should be checked in web.config files of all your websites. And that’s it, done. Enjoy.

You may also like

Sorting out SVN checkin/checkout issues

I work with SVN (our source control system) pretty extensively on a day-to-day basis. Having worked with several other systems in the past I must admit it is an excellent source/version control system, very easy to use for simple routine operations. In particular I’m talking about a “dead end” situation when there is a checkin/checkout conflict.

Keep Reading

Crystal Report Challenges

I chose to use UNION statements to link several select statements together to produce a neat and easy to read SQL query. All worked well in the stand alone Crystal report, but as soon as the report was called from the Windows application and valid filtering was applied the user was presented with the message “There are no records to report on”.

Keep Reading

Newsletter sign up

Every couple of months we send out an update on what's been happening around our office and the web. Sign up and see what you think. And of course, we never spam.