I have found out by creating 2 new websites under IIS 7 that single sign-on authentication doesn't work when run in different application pools. When i move the applications into the same pool i can login on one of them and be logged in on the other one. When i change application pool on one of them, i don't get logged in on the second one.
Is there any settings that can be set in the machine.config file to allow them to share the same cookie over application pools?
Ex. 1: proj1 (app pool .net 2)
proj2 (app pool .net 2)
= Single sign-on works, they are sharing the same auth cookie.
Ex. 2: proj1 (app pool .net 2)
proj2 (app pool .net 4, integrated/classic)
= Single sign-on does not work, they are NOT sharing the same auth cookie.
Ex. 2: proj1 (app pool .net 4, integrated/classic)
proj2 (app pool .net 4, integrated/classic)
= Single sign-on works, they are sharing the same auth cookie.
Original post
Latest update at the bottom
I have 2 projects, one is an asp.net webforms and the other is a mvc 3 project.
I followed this guide, see at the bottom, and i got it working on my computer. But when i upload it to the server, it doesn't work anymore. The differences that i can think of is, 1) on the server we are using SSL, 2) the webforms project is using .net 2 and the MVC project is using .net 4 (integrated mode) and 3) I use IIS 7 on the server and i use VS 2008/2010 to test it on my local machine.
asp.net MVC 3 (.net 4)
<forms name=".ASPXAUTH" loginUrl="~/Home/Login" timeout="30" enableCrossAppRedirects="true" domain=".mydomain.com" ticketCompatibilityMode="Framework20" />
Webforms (.net 2)
<forms name=".ASPXAUTH" loginUrl="Default.aspx" defaultUrl="Default.aspx" timeout="30" domain=".mydomain.com" enableCrossAppRedirects="true" />
The funny part is, i uploaded a test.aspx page to both the Mvc (.net 4) and the webforms (.net) project and that just displays some trace.
Both projects have the same sessionid and .ASPXAUTH. On my localhost i can access the ASPXAUTH on the mvc project but i can't access it on the server.
The projects run as subdomains, mvc.mydomain.com and webforms.mydomain.com.
Anyone got any ideas on how to solve this? I have full access to the IIS 7.0.
(I have also tried turning SSL on the server off but i still get the same result)
Guide for authentication sharing: http://www.codeproject.com/KB/aspnet/SingleSignon.aspx
Updated I also tried this: (webforms .net 2.0)
var ticket = new FormsAuthenticationTicket(1, "authtest", DateTime.Now, DateTime.Now.AddMinutes(30), false, login.Email);
var enc = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie("authcookie", enc) {Domain = ".mydomain.com"};
Response.Cookies.Add(cookie);
and in mvc 3 (.net 4)
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(HttpContext.Request.Cookies["authcookie"].Value);
ViewBag.User = "User: " + ticket.Name;
This throws the following error: "Length of the data to decrypt is invalid."
Updated 6th jul
Funny! When i add 2 new domains that runs under .net 2 it works perfectly. But when i change the application pool to .net 4 it stops working. Its like they aren't compatible or i might be missing a setting somewhere
