Home/ Questions/Q 6329877
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T17:45:37+00:00

I have two MVC3 sites, both hosted on the same server that I’ve configured

  • 0

I have two MVC3 sites, both hosted on the same server that I’ve configured to use the same authentication cookies.

The first site is an intranet site using Windows authentication. This site has one simple Action that checks to see if the user was authenticated, if the user has been, it creates a FormsAuthentication cookie that it adds to the response. This cookie is created for a generic user that I determine from the User’s AD groups. The response then redirects the user to a second site that uses Forms Authentication.

When I run this on my local machine, everything works as described above. When I deploy this to our local web server, it doesn’t. I’ve tested to see if the user’s group is correctly determined and that it creates a valid user for the cookie, and I have verified that this is correct on the web server.

Here is how I’m doing all of the above:

First, I made both sites use the same same Machine Key for encryption and decryption.

When I create the cookie in Site1, I ensure that it has the same name and Domain as the cookies created on Site2.

     var cookie = FormsAuthentication.GetAuthCookie(userName, false);
     cookie.Domain = FormsAuthentication.CookieDomain; //This is the Domain of my 2nd site as they are different

     HttpContext.Response.Cookies.Add(cookie); //Add my cookie to the response
     HttpContext.Response.RedirectPermanent(urlForSite2);

Again, when I run this on my local machine it works without a problem. But when deployed, it’s either not passing the cookie in the request, or the response is ignoring it, but I’m not sure how to verify either of these cases.

Feel free to ask any question regarding more details as to how I’m doing this if it will help in getting an answer I need.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Cross domain cookies are not allowed. If you have two separate domains; one cannot access the others cookies. Two separate virtual directories/applications will work when using the same machine key. http://blogs.technet.com/b/sandy9182/archive/2007/05/07/sharing-forms-cookie-between-asp-net-web-application.aspx

    If you want to share login cookies between sub-domains you need to edit the Domain property of the login cookie to the 2nd level domain “abc.com” so that “www.abc.com” and “ww2.abc.com” will have access to the cookie. http://forums.asp.net/t/1533660.aspx

    String usrName = User.Identity.Name.ToString();
HttpCookie authCookie = Security.FormsAuthentication.GetAuthCookie(usrName, false);
authCookie.Domain = "abc.com";
Response.AppendCookie(authCookie);
    • 0