I have Forms authentication set up for an ASP.NET 4.0 application on http://example.com – we’ll call it MainApp.
I also have an ASP.NET 4.0 app running on http://static.example.com (let’s call it SubApp) which doesn’t have access to the main app.
Now, SubApp needs to figure out the usernames of users who first logged in to the MainApp and then came to SubApp. I thought that it’s enough for those two apps to have the same machine keys and for the SubApp to specify in web.config, so it could read the MainApp’s authentication cookie and get the username from it.
I did a simple test, and when I try to hit some page on SubApp it keeps redirecting to http://static.example.com/login.aspx – which doesn’t even exist and isn’t specified in web.config. Apparently my approach doesn’t work, though I don’t understand why – the main domain’s cookie should be accessible on a subdomain, right?
This is how I configure authentication in SubApp:
    <authentication mode="Forms">
      <forms domain="example.com"/>
    </authentication>
    <authorization>
      <allow users="*"/>
    </authorization>
You could try setting the domain property of the <forms> tag in web.config for both applications:
This will effectively set the authentication cookie validity for both example.com and static.example.com, meaning that a user who authenticated on the first domain will automatically be authenticated on the second.
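
The shared settings discussed above, as an added example that is not part of the original question or answer: for SubApp to read MainApp's ticket, both apps need the same cookie name, cookie domain and machine key. The key values are placeholders, and the loginUrl is an assumed location for MainApp's login page.

```xml
<!-- Added example: put the same <machineKey> and <forms> settings in the
     web.config of both MainApp and SubApp. -->
<configuration>
  <system.web>
    <!-- Explicit keys (not AutoGenerate) so both apps can validate and
         decrypt the same ticket. Placeholder values: generate your own
         and keep them out of source control. -->
    <machineKey validationKey="REPLACE_WITH_SHARED_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_SHARED_DECRYPTION_KEY"
                validation="HMACSHA256"
                decryption="AES" />
    <authentication mode="Forms">
      <!-- name:     must be identical in both apps (.ASPXAUTH is the default).
           domain:   scopes the cookie to example.com and its subdomains;
                     without it the cookie is issued for the login host only.
           loginUrl: defaults to login.aspx inside the current app; here it
                     points at an assumed MainApp login page. -->
      <forms name=".ASPXAUTH"
             domain="example.com"
             path="/"
             loginUrl="http://example.com/login.aspx" />
    </authentication>
  </system.web>
</configuration>
```

A cookie scoped to example.com is sent to every host under that domain, and any application holding the shared machine key can issue tickets the others will accept, so all such hosts fall inside one trust boundary.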