Home/ Questions/Q 7785523
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T20:16:11+00:00

I have an Asp.Net MVC application using Forms Authentication that is published to the

  • 0

I have an Asp.Net MVC application using Forms Authentication that is published to the same IIS Web Site under different Application Names:

Default Web Site/Dashboard
Default Web Site/Partner

Using Chrome, if I go to the Dashboard instance and log in, everything seems to work fine. If I open a separate browser window and navigate to the Partner instance, I am prompted to log in as expected. Upon logging into Partner instance, everything seems to work fine as well. The problem arises when I go back to my previous browser window and try to access an authenticated resource on the Dashboard instance, where I get redirected to the Login page as if I had somehow been logged out. If I log in again on the Dashboard instance, thing work fine again. But if I go to the Partner instance, I discover that I get logged out there. It seems that the act of logging into the other application instance somehow logs me out of the previous one. I did some goggling and it appears the problem is caused by my forms authentication cookie settings. Here is what I was using:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn"
         timeout="1576800"/>
</authentication>

I did not specify a cookie path explicitly, so I figured the cookie path might be shared by the application instances so it was getting overwritten. So I tried to specify a cookie path explicitly. So when I publish Dashboard, I used this:

 <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn"
             timeout="1576800"
             cookieless="UseCookies"
             path="/Dashboard" />
 </authentication>

And for Partner, I used this:

 <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn"
             timeout="1576800"
             cookieless="UseCookies"
             path="/Partner" />
 </authentication>

However this did not work at all. With these settings I can not even log in and out properly. My goal is to have the Dashboard and Partner instances be totally independent for forms authentication, so logging into one does not influence the other. Is this possible without putting them in different IIS Web Site names?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In the web.config for each application, set unique name for the cookie name in your authentication tags 

     <authentication name="DashBoard" mode="Forms">
 <forms loginUrl="~/Account/LogOn" />
</authentication>
    • 0