I have a situation where my ASP.NET MVC application can be loaded directly or in iframe. It uses ASP.NET Identity. When I open the site from iframe, log in and after open the site directly it keeps me logged in. Is that a normal behavior? Is session shared between apps opened directly and in iframe?
Here are more details: I have a site https://somesite.com,
and it can be accessed directly or via another site using iframe. I need slightly different designs and functionality depending on where the site is accessed from. I researched and the only good solution seems to have two different sites: https://somesite.com, https://framed.somesite.com. I don't need to share sessions between them. Authorization may also work independently. And I need one SSL certificate for both sites.
Also, how would you organize projects in VS2015 in case the design and functionality is mostly the same. Would you have some setting in the config to differentiate and just publish two sites with different settings or would you create two different projects?
Best Answer
There was a simple solution. I just created a different sites in
IISwhich were using the sameSSLcertificate(via subdomains), so I have 2 sites set up inIIShttps://somesite.comandhttps://framed.somesite.com. The second one is just empty and it has a directory pointing to the directory of the first one. So they use the sameSSLcertificate, they have different sessions and some param is being set when opening fromiframeand so I can differenciate between them.