0

In our project we provide users with tumblr like subdomains as well as custom domain names like "mydomain.com". So I have one and the same server and one application but different domain names.

Everything works fine with dns and routing but I've faced authentication problem. Shared authentication for main domain and subdomains can be solved by just specifying machine key and domain name in web config.

    <authentication mode="Forms">
          <forms domain="xxx.com" loginUrl="~/account/logon" timeout="2880" />
    </authentication>

But in this case I have "Sign Out" problem, so Signing Out just don't work even after I added these lines of code (all the solutions of this problem I found):

    formsAuthentication.SingOut();
    Session.Abandon();
    HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
    cookie1.Expires = DateTime.Now.AddYears(-1);
    Response.Cookies.Add(cookie1);
    HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
    cookie2.Expires = DateTime.Now.AddYears(-1);
    Response.Cookies.Add(cookie2);
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetNoStore();

After all I still don't know how to implement cross domain authentication for custom domain names. Is it possible somehome to share authentication data for particular server between any domains? Or maybe I can retrieve this information on server side if I know domain name and machine key?

Dmitri Usanov
  • 348
  • 4
  • 11

1 Answers1

1

a workaround is to set the user information in the localstorage the client set from the "main domain" then set a cookie created by subdomain, but for all your sing-in/out operations you will have to use the "main domain" you can search for how stakoverflow and all the siblings sites works because they are using SSO so solve that, anyway maybe this post helps you.

EDIT

for more information how SO solve the auto login issue

Community
  • 1
  • 1
pedrommuller
  • 15,741
  • 10
  • 76
  • 126