I am attempting to accomplish single sign-on using two separate applications (WebForms, MVC) that reside on the same box. One of the sites is on a separate subdomain (xxx.abc.com/abc.com).
I followed the steps outlined in this article: http://www.codeproject.com/KB/web-security/aspnetsinglesignon.aspx
I've set the machine key in both applications:
<machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D" decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F" validation="SHA1" decryption="AES"/>
Set the cookie name, cookie path, etc.
Config A (webforms)
<authentication mode="Forms">
  <forms name=".ABCLOGIN" loginUrl="Signin.aspx" defaultUrl="Home.aspx" protection="All" timeout="86400" path="/" domain=".abc.com" cookieless="UseCookies" ></forms>
</authentication>
Config B (mvc)
<authentication mode="Forms">
  <forms name=".ABCLOGIN" loginUrl="~/Account/Logon" protection="All" timeout="86400" path="/" domain=".abc.com" cookieless="UseCookies" />
</authentication>
After signing in I set the cookie...
// Build the ticket: version 1, non-persistent, valid for one year, no user data.
System.Web.Security.FormsAuthenticationTicket fat =
    new System.Web.Security.FormsAuthenticationTicket(1, userName, DateTime.Now, DateTime.Now.AddYears(1), false, "");
// Encrypt the ticket and send it in a cookie scoped to the parent domain.
System.Web.HttpCookie cookie = new System.Web.HttpCookie(".ABCLOGIN");
cookie.Value = System.Web.Security.FormsAuthentication.Encrypt(fat);
cookie.Expires = fat.Expiration;
cookie.Domain = ".abc.com";
Response.Cookies.Add(cookie);
I log in to abc.com (Webforms) and can see the .ABCLOGIN cookie. I then click on the link to take me to xxx.abc.com (MVC, same window) and I am redirected to the login screen rather than the requested page. I have tried setting the domain name to abc.com versus .abc.com and still nothing. Hoping someone can point me in the right direction to resolve the issue.
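An added example, not part of the original post: a small Python check that compares the ticket-sharing settings of two web.config files and tests whether a cookie domain covers a given host. The sample configs and their placeholder keys are constructed, the function names are hypothetical, and `compatibilityMode` is a real `machineKey` attribute that does not appear in the post and is included here as an assumption.

```python
import xml.etree.ElementTree as ET

# Settings both applications must agree on to read each other's ticket.
# compatibilityMode is not on the page; it is included as an assumption.
SHARED = {
    "machineKey": ("validationKey", "decryptionKey", "validation",
                   "decryption", "compatibilityMode"),
    "authentication/forms": ("name", "protection", "path", "domain"),
}

def settings(config_xml):
    """Return {(element, attribute): value}; None means 'not set'."""
    root = ET.fromstring(config_xml)
    web = next(root.iter("system.web"), None)
    out = {}
    for path, attrs in SHARED.items():
        node = web.find(path) if web is not None else None
        for attr in attrs:
            out[(path, attr)] = None if node is None else node.get(attr)
    return out

def mismatches(config_a, config_b):
    """List (element, attribute, value_a, value_b) where the configs differ."""
    a, b = settings(config_a), settings(config_b)
    return sorted((p, n, a[p, n], b[p, n]) for p, n in a if a[p, n] != b[p, n])

def cookie_covers(cookie_domain, host):
    """True if a cookie scoped to cookie_domain is sent to host."""
    domain = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == domain or host.endswith("." + domain)

# Constructed sample configs; the keys are placeholders, not real key material.
CONFIG_A = """<configuration><system.web>
  <machineKey validationKey="AA11" decryptionKey="BB22"
              validation="SHA1" decryption="AES"/>
  <authentication mode="Forms">
    <forms name=".ABCLOGIN" loginUrl="Signin.aspx" protection="All"
           path="/" domain=".abc.com"/>
  </authentication>
</system.web></configuration>"""
# Constructed difference: only B sets compatibilityMode.
CONFIG_B = (CONFIG_A.replace("Signin.aspx", "~/Account/Logon")
            .replace('decryption="AES"',
                     'decryption="AES" compatibilityMode="Framework20SP1"'))

if __name__ == "__main__":
    for element, attr, va, vb in mismatches(CONFIG_A, CONFIG_B):
        print(f"{element}@{attr}: A={va!r} B={vb!r}")
    for host in ("abc.com", "xxx.abc.com"):
        print(host, cookie_covers(".abc.com", host))
```

An attribute reported with `None` on one side is unset in that config, so that application falls back to its framework default for it.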