I am using Visual Studio Team System 2008 (VSTS), C#, .NET 3.5, IIS 7.0, and ASP.NET. I have two IIS web sites, site A and site B. Their related domain names are http://sitea.example.com and http://siteb.example.com.
I heard that when using Forms authentication, we could enable domain-level cookies, that is, if two sites are in the same domain (e.g. both sitea.example.com and siteb.example.com are in domain example.com), the end user only needs to authenticate once. In more detail, if the user is authenticated (passed authentication) by one of the sites, there is no need to authenticate the user again in the other sites.
How can this feature be enabled for my sitea and siteb? Do I need to change the web.config for both sitea and siteb?
Another confusion is, if the user is authenticated by sitea, it is sure that the user's identity is recognized by sitea, but how could siteb recognize the user's identity without authenticating the user again?
Best Answer
Assuming both sites share the same membership database then you can set the cookie domain in the forms authentication section of web.config;
Note that you'll also have to set up matching machine keys in the web.config, as these are used to sign the authentication cookie.
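The configuration the answer describes, as an added example that is not part of the original answer: the same fragment goes into the web.config of both sitea and siteb. The login page name, the timeout and the key placeholders are assumptions; generate real key values once and paste the identical values into both files.

```xml
<!-- Added example. Place the same fragment in BOTH sites' web.config. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name, domain, path and protection must be identical on both sites,
           otherwise the second site will not find or accept the ticket.
           domain="example.com" makes the browser send the cookie to every
           host under example.com, not only sitea and siteb. -->
      <!-- loginUrl is an assumed page name.
           requireSSL is false only because the question's sites are plain
           http; set it to true once both sites are served over HTTPS so the
           ticket is never sent in clear text. -->
      <forms name=".ASPXAUTH"
             loginUrl="~/Login.aspx"
             domain="example.com"
             path="/"
             protection="All"
             requireSSL="false"
             timeout="30" />
    </authentication>

    <!-- The default machineKey is auto-generated per application, so a
         ticket issued by sitea fails validation on siteb. Explicit,
         identical keys on both sites let each one verify and decrypt the
         other's ticket. The values below are placeholders, not real keys. -->
    <machineKey validationKey="REPLACE_WITH_SHARED_VALIDATION_KEY_HEX"
                decryptionKey="REPLACE_WITH_SHARED_DECRYPTION_KEY_HEX"
                validation="SHA1"
                decryption="AES" />
  </system.web>
</configuration>
```

Anyone who obtains these two keys can mint valid tickets for both sites, so keep them out of source control and restrict read access to the web.config files.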