The ASP.NET MVC 3 site I am developing can be accessed from multiple different URLs, each of which connect it to different databases on the back-end (1:1 URL to DB). I need to be able to allow the user to switch between URLs without having to log into each URL. Currently, I'm using Forms Auth with an almost standard MembershipProvider/RoleProvder scheme.
What are my options for allowing the change of URL and "staying logged in"? I'm guessing I need to implement some sort of federated security. What do you recommend? Note that I would need to control all aspects of the security (so, for example, can't use google id).
If necessary, I'm ok with adding a WCF web service to the mix.
I do not want to integrate with AD if at all possible since we don't want all the web users as domain users.
EDIT: the authentication DB is currently the same across all URLs
Thanks in advance.
Natively, I'm pretty sure you're flat out of luck. The membership provider persists the authentication session via cookies which, of course, are bound to the domain. Short of implementing a behaviour which would allow you to pass - and verify - auth state via the URL, I can't see any way around this.