Forms Auth cross multiple sub domains

george d lake

Hi,
I have several company sites (a1.company.com, a2.company.com,
a3.company.com, etc). Each site used a custom Forms Auth (all use the same
code). I have been asked if there could be just one login screen and then have
a menu of the different systems.
So, the users would go to webapps.company.com to login and then click on
links that would take them to a1.company.com or a4.company.com without
having to login again.
Can this be done?
 
Sure, that can be done. The first thing that comes to my
mind would be to use cookies to store the information on
the user's browser. Each sub domain checks this cookie to see if
this particular user has been authenticated; if so, then
accept the user, if not, redirect that user to the login
page. There might be better ways than what I suggest so
let this be just another option.

Hope this helps.
 
The best way to do this is to modify the machineKey in the machine.config
file.

By default, the machineKey node is set up as:

<machineKey validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps" validation="SHA1"/>

If you eliminate the ,IsolateApps (remove the comma too) in the
validationKey and the decryptionKey, one login can be used for all websites
that are on the same machine.

This works as these values are the keys used to encrypt and decrypt the data
stored in the logon cookie. By making this change, all sites on the machine
use the same keys (and thus, can share the cookies).

One other thing; if you are using a web farm, you have to specify the
validationKey and decryptionKey values. Otherwise, the cookies can't be
shared across servers.

The following MSDN article tells how to generate key values for a web farm:
http://support.microsoft.com/default.aspx?scid=kb;en-us;312906&Product=NETFrame

Jeff
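
Added example, not part of the original thread: a small Python check that reads the machineKey element from one or more config files and reports the conditions described above that stop the logon cookie from being shared (IsolateApps on one machine, AutoGenerate or mismatched keys across a web farm). The function names, the server labels and the hex strings are assumptions constructed for the illustration.

```python
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey")

def machine_key(config_xml):
    """Return the <machineKey> attributes of one config document, or None if absent."""
    node = ET.fromstring(config_xml).find(".//machineKey")
    return None if node is None else dict(node.attrib)

def audit(configs, web_farm=False):
    """configs maps a label (server or file name) to config XML.
    Returns findings; an empty list means the logon cookie can be shared."""
    findings, seen = [], {}
    for label, xml in configs.items():
        attrs = machine_key(xml)
        if attrs is None:
            findings.append(f"{label}: no machineKey element")
            continue
        seen[label] = attrs
        for name in KEY_ATTRS:
            flags = [p.strip().lower() for p in attrs.get(name, "").split(",")]
            if "isolateapps" in flags:
                findings.append(f"{label}: {name} uses IsolateApps (one key per application)")
            if web_farm and "autogenerate" in flags:
                findings.append(f"{label}: {name} uses AutoGenerate (one key per server)")
    # Every config must carry the same values, or tickets issued by one fail on another.
    for name in KEY_ATTRS:
        if len({a.get(name) for a in seen.values()}) > 1:
            findings.append(f"{name} differs between configs")
    return findings

def config(validation_key, decryption_key):
    """Build a constructed sample config around the machineKey element from the thread."""
    return ('<configuration><system.web><machineKey '
            f'validationKey="{validation_key}" decryptionKey="{decryption_key}" '
            'validation="SHA1"/></system.web></configuration>')

# Constructed sample values; the hex strings are placeholders, not real keys.
DEFAULT = config("AutoGenerate,IsolateApps", "AutoGenerate,IsolateApps")
SHARED = config("AutoGenerate", "AutoGenerate")
EXPLICIT = config("0F" * 64, "1E" * 24)

if __name__ == "__main__":
    print(audit({"machine.config": DEFAULT}))                            # IsolateApps findings
    print(audit({"machine.config": SHARED}))                             # single machine: shareable
    print(audit({"web1": SHARED, "web2": SHARED}, web_farm=True))        # AutoGenerate findings
    print(audit({"web1": EXPLICIT, "web2": EXPLICIT}, web_farm=True))    # farm: shareable
```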
 