c# asp.net single-sign-on forms-authentication

Single Sign On using asp.net forms authentication not working


I have two subdomains, say b1.abc.com and s1.abc.com. I am implementing single sign-on using forms authentication, but it doesn't seem to work as expected. What I want is: if a user signs in to b1.abc.com and then opens the home page of s1.abc.com (say, in another tab), he shouldn't be redirected back to the login page; instead he should be logged in and shown the home page.

As of now, when I log in to b1.abc.com and then open s1.abc.com, it doesn't authenticate and redirects to the login page.

Below is my code.

In the login button click event of both apps:

FormsAuthentication.SetAuthCookie(txtUserName.Text, true);
System.Web.HttpCookie MyCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(User.Identity.Name.ToString(), true);
MyCookie.Domain = "abc.com";
Response.AppendCookie(MyCookie);

Response.Redirect("Home.aspx", false);
Context.ApplicationInstance.CompleteRequest();

Then, in the home.aspx page of both applications, I check as below:

bool isLoggedIn = ((System.Web.HttpContext.Current.User != null) && System.Web.HttpContext.Current.User.Identity.IsAuthenticated);
if (!isLoggedIn)
{
    FormsAuthentication.RedirectToLoginPage();
    return;
}

In web.config, I have the settings below:

<authentication mode="Forms">
  <forms name="Authent" protection="All" timeout="60" loginUrl="Login.aspx" defaultUrl="Home.aspx" path="/" enableCrossAppRedirects="true" />
</authentication>
<authorization>
  <deny users="?" />
</authorization>

NOTE: I tried giving the cookie's domain name with a dot (.abc.com), but it didn't work.


Solution

  • I solved it as below:

    1) Added domain in web.config.

    <forms name="Authent" protection="All" timeout="525600" loginUrl="Login.aspx" defaultUrl="Home.aspx" path="/" enableCrossAppRedirects="true" slidingExpiration="true" domain=".abc" />
    

    2) I checked whether the request is authenticated with the lines below:

    if (!(Request.IsAuthenticated))
    {
        FormsAuthentication.RedirectToLoginPage();
        return;
    }
    

    3) In the first block in the question:

    MyCookie.Domain = ".abc.com"; // note the dot before domain name
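
As an added example (not code from the question or the answer), a login helper that issues a single forms-authentication cookie scoped to the domain configured in web.config, rather than a host-only cookie plus a second appended one. The class and method names are hypothetical; it assumes .NET Framework 4 or later, a user name that has already passed a credential check, and that both applications use identical `<forms>` settings and the same `<machineKey>` validation and decryption keys, which one application needs in order to read a ticket issued by the other.

```csharp
// Added example; SharedAuthCookie and Issue are hypothetical names.
using System;
using System.Web;
using System.Web.Security;

public static class SharedAuthCookie
{
    // Writes exactly one auth cookie for a user whose credentials were
    // already verified. Name, path, domain, timeout and requireSSL are
    // read from the <forms> element, so both apps must configure them alike.
    public static void Issue(HttpResponse response, string validatedUserName, bool persistent)
    {
        if (response == null)
            throw new ArgumentNullException("response");
        // User.Identity.Name is still empty during the login request itself,
        // so the name has to come from the credential check, not from the context.
        if (string.IsNullOrWhiteSpace(validatedUserName))
            throw new ArgumentException("User name must come from a successful login.", "validatedUserName");

        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            2,                                    // ticket format version
            validatedUserName,
            now,
            now.Add(FormsAuthentication.Timeout), // <forms timeout="...">
            persistent,
            string.Empty,                         // no custom user data
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows <forms requireSSL="...">
            Path = FormsAuthentication.FormsCookiePath
        };

        // With no domain configured the cookie stays host-only and the
        // sibling subdomain never receives it.
        if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
            cookie.Domain = FormsAuthentication.CookieDomain;
        if (persistent)
            cookie.Expires = ticket.Expiration;

        // Set replaces an existing cookie of the same name instead of adding a duplicate.
        response.Cookies.Set(cookie);
    }
}
```

A cookie scoped to the parent domain is sent to every host under that domain, so each application on a sibling subdomain receives the authentication ticket.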