
Share FormsAuthenticationCookie Between Sub Website with same domain


Hi,

First, sorry for my poor English.

I set up two websites with the same domain. One is A.test.com, another is B.test.com. I need that once people log in to A.test.com, they can access B.test.com without being asked to input username and password.

I set the same machineKey and authentication in web.config in A.test.com and B.test.com:

<system.web>
  <customErrors mode="Off"/>
  <compilation targetFramework="4.5" debug="true">
    <assemblies>
      <add assembly="System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      <add assembly="System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    </assemblies>
  </compilation>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx" domain="overmcse.com" defaultUrl="Default.aspx" timeout="1200" slidingExpiration="true" name=".ASPXAUTH"/>
  </authentication>
  <authorization>
    <deny users="?"/>
  </authorization>
  <!--Standard Windows Authentication to get a user name -->
  <!--<machineKey decryption="AES" decryptionKey="CF3360AFE902A5764588BBF5E9C0971CCAB1E225AF1EADB5" validationKey="8D25728871EBC6917A9AA500685413CF9FA9974EE25611C5462B82EC2528377C812B9C14C3A790817B54BE868783EA6E2D23FC4F4BAFEC52EB69FA622915F34D"/>-->
  <machineKey validationKey="C9E0C488F13456667414E4557320C91A11A1AD6F9506448D4BE574DF075DDEF6D1D430C51554CD25687FC8170A633E00FD64C3E93FAF04A613922EE08BF844A8" decryptionKey="2BC92C6FC0B5587CB77F793AF3DEDBE99242CDE0201589CC" validation="SHA1"/>
  <!--<pages controlRenderingCompatibilityVersion="4.5"/><sessionState mode="StateServer" stateConnectionString="tcpip=10.116.85.209:42424" cookieless="false" timeout="20"/>-->
</system.web>

<system.web>
  <compilation debug="true" targetFramework="4.5"/>
  <httpRuntime targetFramework="4.5"/>
  <httpModules>
    <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web"/>
  </httpModules>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx" domain="overmcse.com" defaultUrl="Default.aspx" timeout="1200" slidingExpiration="true" name=".ASPXAUTH"/>
  </authentication>
  <authorization>
    <deny users="?"/>
  </authorization>
  <customErrors mode="Off"/>
  <machineKey validationKey="C9E0C488F13456667414E4557320C91A11A1AD6F9506448D4BE574DF075DDEF6D1D430C51554CD25687FC8170A633E00FD64C3E93FAF04A613922EE08BF844A8" decryptionKey="2BC92C6FC0B5587CB77F793AF3DEDBE99242CDE0201589CC" validation="SHA1"/>
  <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>

Then I access A.test.com, and it redirects me to A.test.com/Login.aspx?ReturnUrl=%2f. I input username and password, and I successfully access A.test.com/default.aspx. Then I try to access B.test.com, and it redirects me to B.test.com/Login.aspx?ReturnUrl=%2f, so I have to type username and password again.

Here is my A.test.com/login.aspx code:

string returnUrl = Request.QueryString["ReturnUrl"];
if (returnUrl != null && returnUrl != @"/")
{
    //FormsAuthentication.RedirectFromLoginPage(userAccount, false,".overmce.com");
    // Build the ticket by hand: user name, non-persistent, 1 minute timeout.
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(userAccount, false, 1);
    // Encrypt and sign the ticket with the machineKey from web.config.
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    {
        HttpOnly = true,
        // Secure follows the requireSSL setting of the <forms> element.
        Secure = FormsAuthentication.RequireSSL,
        Path = FormsAuthentication.FormsCookiePath,
        // Domain comes from the domain attribute of the <forms> element.
        Domain = FormsAuthentication.CookieDomain,
        Expires = authTicket.Expiration
    };

    Response.Cookies.Set(cookie);
    Response.Redirect(Request.QueryString["ReturnUrl"].ToString());
}
else
{
    //FormsAuthentication.SetAuthCookie(userAccount, false);
    // Same cookie as above, but with a 10 minute ticket timeout.
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(userAccount, false, 10);
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    {
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL,
        Path = FormsAuthentication.FormsCookiePath,
        Domain = FormsAuthentication.CookieDomain,
        Expires = authTicket.Expiration
    };

    Response.Cookies.Set(cookie);
    Response.Redirect("default.aspx");
}
//SaveLoginLog();
} // closes the enclosing block, which is not shown

Can you help me? Thank you.
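
An added example, not part of the original post: a Python check that compares the settings two ASP.NET sites must agree on for one Forms authentication ticket to be readable by both. It includes the effective machineKey compatibilityMode, which defaults to Framework45 when `<httpRuntime targetFramework="4.5"/>` is present and to Framework20SP1 otherwise. The config fragments are constructed with placeholder keys and domain, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed fragments that mirror the shape of the two configs in the post.
# Key values and the domain are placeholders.
SITE_A = """<system.web>
  <compilation targetFramework="4.5" debug="true"/>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx" domain="example.test" name=".ASPXAUTH"/>
  </authentication>
  <machineKey validationKey="PLACEHOLDER_V" decryptionKey="PLACEHOLDER_D"
              validation="SHA1"/>
</system.web>"""
# Site B is identical except that it also declares <httpRuntime targetFramework>.
SITE_B = SITE_A.replace(
    "<authentication", '<httpRuntime targetFramework="4.5"/>\n  <authentication', 1)

FORMS_DEFAULTS = {"name": ".ASPXAUTH", "path": "/", "protection": "All", "domain": ""}
KEY_ATTRS = ("validationKey", "decryptionKey", "validation", "decryption")


def effective_compat_mode(key, runtime):
    """Explicit machineKey compatibilityMode wins; otherwise it follows httpRuntime."""
    if key is not None and key.get("compatibilityMode"):
        return key.get("compatibilityMode")
    target = runtime.get("targetFramework", "") if runtime is not None else ""
    version = tuple(int(p) for p in target.split(".") if p.isdigit())
    # targetFramework 4.5 or later switches the default to Framework45.
    return "Framework45" if version >= (4, 5) else "Framework20SP1"


def ticket_settings(xml_text):
    """Collect the settings that both sites must agree on to read one ticket."""
    root = ET.fromstring(xml_text)
    forms, key = root.find("authentication/forms"), root.find("machineKey")
    settings = {}
    for attr, default in FORMS_DEFAULTS.items():
        settings["forms." + attr] = forms.get(attr, default) if forms is not None else default
    for attr in KEY_ATTRS:
        settings["machineKey." + attr] = key.get(attr) if key is not None else None
    settings["compatibilityMode"] = effective_compat_mode(key, root.find("httpRuntime"))
    return settings


def ticket_mismatches(xml_a, xml_b):
    """Return {setting: (value_a, value_b)} for every setting that differs."""
    a, b = ticket_settings(xml_a), ticket_settings(xml_b)
    return {name: (a[name], b[name]) for name in a if a[name] != b[name]}


if __name__ == "__main__":
    for name, (val_a, val_b) in ticket_mismatches(SITE_A, SITE_B).items():
        print(f"{name}: A={val_a} B={val_b}")
```

On the constructed pair the only reported difference is the effective compatibilityMode, even though the machineKey and forms elements are identical.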

