0

I have a parent site using Forms authentication. I need to have a nested subsite/application be able to determine if the user is authenticated on the parent site, but when the subsite tries to read User.Identity.IsAuthenticated it is false, and any Session variable that is set on the parent site is not available in the subsite.

Both sites are set to use the parent site's application pool. I have already set the domain attributes of both the forms and httpCookies settings in the parent site to the same domain, but no luck.

Does the subsite need something added to its web.config to be able to detect the parent site authenticated user?

KDev
  • 11
  • 4
  • This has a similar problem, you can refer to this link:https://stackoverflow.com/questions/54028503/cross-application-authentication-iis-to-sub-application – Ding Peng Dec 07 '20 at 05:30

1 Answers1

0

In IIS, I had to go to the parent site Machine Key settings and change it to use a generated key. I then went to the subsite machine key settings and saw it was set to use the parent site machine key values. This allowed the subsite to see that the user was authenticated (User.Identity.IsAuthenticated = true) after doing a forms login on the parent site. This does not allow sharing of session however, but I think I can work around that.

KDev
  • 11
  • 4