I'm developing a mobile-only sub domain website for an existing website. (The main site is www.domain.com and the mobile-only site I'm developing is m.domain.com.)
When a user logs into the main website, I want to redirect them to the mobile-only website if:
When redirected, they should not have to log in a second time. And so I want to share authentication across websites. The main website uses Forms Authentication.
I am trying to follow the steps described in the article Forms Authentication Across Applications. The main thing is that you must "set attributes of the forms and machineKey sections of the Web.config file to the same values for all applications that are participating in shared forms authentication."
I have done this. However, it's still not working. I can log in or out of either site using the same credentials. But logging in or out of one site does not have any effect on the login status of the other.
The article has this note:
Applications that run ASP.NET version 2.0 or later can share forms authentication ticket information with earlier versions of ASP.NET if you include decryption="3DES" in the machineKey element for each ASP.NET version 2.0 (or later) application.
This does not seem to apply.
Also, I do not specify the domain attribute of the authentication element. It says it's optional, and that the default value will be "".
Can anyone suggestion what else I might try. I just don't know where to go from here.
This is what is wrong.
Also, I do not specify the domain attribute of the authentication element. It says it's optional, and that the default value will be "".
You should set the domain attribute in the forms element like this(not sure about the dot indicating a subdomain).
<forms domain=".mydomain.com" loginUrl="member_login.aspx" cookieless="UseCookies" />
The CookieDomain property value is set in the configuration file for an ASP.NET application by using the domain attribute of the forms configuration element. The CookieDomain property value determines the Domain that the cookie will be used for.
The documentation from your link states that
You can omit the domain attribute of the forms tag if there is only one Web site on the server.
Which in your case, it is not.