Search code examples
asp.net-mvcasp.net-membership

Authentication on one site using the ASP.NET membership of another

We have one site that uses ASP.NET Membership for its user accounts. Let's say this site is at www.domain.com.

We have another site, let's say at www.domain.com/site2, which already connects to the database of site #1 for other reasons. We'd like to implement a username/password login to site #2, and would like to use the existing login credentials for site #1, as site #1 is where they apply for permission to access various systems, etc.

I'm not trying to create a SSO kind of solution, where signing into one site signs you in to the other, which is what other questions have been about.

I would like them to be able to enter their username and password that they have on site #1, enter it on site #2 and it auths them to site #2.

Is this possible?

Web.config of site #1:

<machineKey decryptionKey="AutoGenerate" validation="SHA1" validationKey="AutoGenerate" />
<membership>
  <providers>
    <clear />
    <add name="AspNetSqlMembershipProvider" 
         type="System.Web.Security.SqlMembershipProvider" 
         connectionStringName="VTDB" 
         enablePasswordRetrieval="false" 
         enablePasswordReset="true" 
         requiresQuestionAndAnswer="false" 
         requiresUniqueEmail="true" 
         maxInvalidPasswordAttempts="5" 
         minRequiredPasswordLength="8" 
         minRequiredNonalphanumericCharacters="0" 
         passwordAttemptWindow="10" 
         applicationName="/" />
  </providers>
</membership>
<profile>
  <providers>
    <clear />
    <add name="AspNetSqlProfileProvider" 
         type="System.Web.Profile.SqlProfileProvider" 
         connectionStringName="VTDB" 
         applicationName="/" />
  </providers>
</profile>
<roleManager enabled="true">
  <providers>
    <clear />
    <add connectionStringName="VTDB" 
         name="AspNetSqlRoleProvider" 
         applicationName="/" 
         type="System.Web.Security.SqlRoleProvider" />
  </providers>
</roleManager>
....

Web.config of site #2:

<membership defaultProvider="AspNetSqlMembershipProvider">
  <providers>
    <clear />
    <add name="AspNetSqlMembershipProvider" 
         type="System.Web.Security.SqlMembershipProvider" 
         connectionStringName="VTConnString" />
  </providers>
</membership>
<machineKey decryptionKey="AutoGenerate" validation="SHA1" validationKey="AutoGenerate" />

Where VTConnString points to site #1's database.

But when I call Membership.ValidateUser(userName, password) in site #2, it always returns false.

Solution

  • I figured out the issue:

    I was missing applicationName="/" in site #2's web.config. Now that the applicationNames are set the same, it works correctly.