I have two MVC3 sites, both hosted on the same server that I’ve configured to use the same authentication cookies.

The first site is an intranet site using Windows authentication. This site has one simple Action that checks to see if the user was authenticated, if the user has been, it creates a FormsAuthentication cookie that it adds to the response. This cookie is created for a generic user that I determine from the User’s AD groups. The response then redirects the user to a second site that uses Forms Authentication.

When I run this on my local machine, everything works as described above. When I deploy this to our local web server, it doesn’t. I’ve tested to see if the user’s group is correctly determined and that it creates a valid user for the cookie, and I have verified that this is correct on the web server.

Here is how I’m doing all of the above:

First, I made both sites use the same same Machine Key for encryption and decryption.

When I create the cookie in Site1, I ensure that it has the same name and Domain as the cookies created on Site2.

     var cookie = FormsAuthentication.GetAuthCookie(userName, false);
     cookie.Domain = FormsAuthentication.CookieDomain; //This is the Domain of my 2nd site as they are different

     HttpContext.Response.Cookies.Add(cookie); //Add my cookie to the response
     HttpContext.Response.RedirectPermanent(urlForSite2);

Again, when I run this on my local machine it works without a problem. But when deployed, it’s either not passing the cookie in the request, or the response is ignoring it, but I’m not sure how to verify either of these cases.

Feel free to ask any question regarding more details as to how I’m doing this if it will help in getting an answer I need.