How i use FormsAuthentication:
app1.example.com:
- Contains Loginpage(login.aspx)
- redirects if not authenticated
web.config:
<authentication mode="Forms"> <forms name="example" loginUrl="login.aspx" domain=".example.com" protection="All" path="/" timeout="30" cookieless="UseCookies" enableCrossAppRedirects="true" /> </authentication>
app2.example.com:
- Just redirects if not authenticated (http://app1.example.com/login.aspx)
web.config:
<authentication mode="Forms"> <forms name="example" loginUrl="http://app1.example.com/login.aspx" domain=".example.com" protection="All" path="/" timeout="30" cookieless="UseCookies" enableCrossAppRedirects="true" /> </authentication>
For the login i do following:
FormsAuthentication.SetAuthCookie(
userId.ToString(), false);
FormsAuthenticationTicket ticket1 =
new FormsAuthenticationTicket(
1,
userId.ToString(),
DateTime.Now,
DateTime.Now.AddMinutes(20),
false,
sessionid // sessionid
);
HttpCookie cookie1 = new HttpCookie(
FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(ticket1));
HttpContext.Current.Response.Cookies.Add(cookie1);
string returnUrl = HttpContext.Current.Request["redirect"] == null ? "app1.example.com" : HttpContext.Current.Request["redirect"];
HttpContext.Current.Response.Redirect(returnUrl);
On each application i have to read out my custom "sessionid" from the AuthCookie. On App2 i get the correct id and on the App1, which contains the login page, i don't (it's empty).
Does anyone have an idea how it comes?
Here's my code for reading the userdata out:
HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
All apps are running on Asp.Net 4.5.2
Thanks in advance!