3

I have an IIS website on www.example.com

and a virtual directory at www.example.com/demo/

How can I use the authentication cookie from www.example.com in my virtual directory?

Joel Coehoorn
  • 399,467
  • 113
  • 570
  • 794
  • is that a simple *virtual directory* that you have (usually to map some phisical folder inside your IIS site) or an application folder with a different *IIS AppPool* (running under different process not sharing anything with *parent* website)? So a folder converted to an application? – Robert Koritnik Oct 27 '10 at 16:17

3 Answers3

2

You are looking for a Single Site Login solution. If the article I linked to doesn't help you, there's plenty more on google when you know what to search for ;)

Tomas Aschan
  • 58,548
  • 56
  • 243
  • 402
  • 1
    Creating a custom and using it on each site did the trick. That allows each site to be able to read the same authentication key. – Todd Smith Oct 28 '11 at 21:26
  • Todd Smith, I have added same machine key on both the sites, but still i see error like this - Unable to validate data. at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo, Boolean signData) – kudlatiger Dec 29 '15 at 05:43
  • @Deepak: That sounds like you should ask a new question, in which you could add some more detail about your setup. – Tomas Aschan Jan 05 '16 at 08:16
  • @Tomas, I have created- http://stackoverflow.com/questions/34506551/reading-cookie-value-using-url-rewrite-provider-module-unable-to-validate-at – kudlatiger Jan 06 '16 at 05:33
2

The cookies are shared in the same domain, even shared between applications. I have used the same cookie to share authentication between a Classic ASP app and a .net app without problems.

Just use the same rules to encrypt or store the cookie.

Eduardo Molteni
  • 38,786
  • 23
  • 141
  • 206
1

A solution would be to use integrated authentication. This way the user look up, and authentication authority used, will be the same accost all sites with the servers on the same domain. If you are using something like basic or kerberos authentication then your authentication will not pass between sites even on the same server and possibly between parts of the site that run under different threads, eg a different app pool.

Use session data in asp or cookies to share session information on the same site between pages. Cookies will work even if the virtual folders are shared in a different pool. Just code around the requirements of your virtual directory, in case its shared between multiple sites.

P.S. If you are already using cookies, just have the code in your virtual be the same as what you are using on the other pages.

What are the additional requirements for the virtual? Is it on the same server?

QueueHammer
  • 10,515
  • 12
  • 67
  • 91