Home/ Questions/Q 5973815
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T20:51:14+00:00

I have several applications running under a single website in IIS7. There are several

  • 0

I have several applications running under a single website in IIS7.

There are several pages within the website, but these are all pretty standard HTML pages, with not a lot going on.

The main website has its own application pool and each sub application has its own folder and associated application pool.

I use forms authentication and my own custom login system which uses an SQL database to store the credentials.

Each sub application has its own login page but they share the same credentials and database, which from what i understand is the best way as a user can access up to 4 of these application and a single username/password is most practical.

The issue I have is that when you sign in to one application, and then proceed to sign in to another, you are signed out of the first one. This is before any of the processes are shutdown or timed out etc.

What do I need to do to keep a user logged into multiple applications? But bear in mind that they may not have access to them all so they cannot share a single machine key or authenticaion cookie as I have read is possible.

Any help would be greatly appreciated as up to now I have simply used my own session based authentication which checks if they are logged in and I would like to move to the more up to date method of forms authentication.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    From comments:

    i simply check there credentials and then set the FormsAuthentication.SetAuthCookie for the username to true.

    This is what logs the user out of the other applications. You are effectively clobbering the authentication cookie used by the other applications. You may be able to get around this problem by ensuring that each application uses the same validation key, hash algorithm, decryption key and decryption algorithm by setting the following in the web config of each application:

    <machineKey 
    validationKey="..." 
    validation="SHA1" 
    decryptionKey="..." 
    decryption="AES" />

    This should enable each site to use the same authentication cookie.

    An alternate solution would be to ensure that each application uses a different cookie by setting the following:

    <authentication mode="Forms">
    <forms loginUrl="..." 
        protection="All" 
        name=".MyAppName"/>
</authentication>

    In this scenario, you would set MyAppName to something different for each application. Users would still be able to use the same credentials across all applications but they will have to log into each application separately.

    • 0