We are trying to use authentication between two applications on our PC’s (Windows 7, IIS 7.5) and eveything goes fine. But the problem is when we try to publish these sites (Windows web server 2008, IIS 7.0) the cross authentication didn’t work!!
After long invistigation we found that the error occured in the following code which is on the second site:
Dim formsCookie As HttpCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
If (formsCookie IsNot Nothing) Then
Else
' always null
We tried to check the pathes like this in code behind :
Dim ticket As New FormsAuthenticationTicket(1, smsProfile, DateTime.Now, _
DateTime.Now.AddDays(1), True, AdminSessions.UserObj.Pid, _
FormsAuthentication.FormsCookiePath)
Dim hash As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As New HttpCookie(
FormsAuthentication.FormsCookieName,
hash)
If (ticket.IsPersistent) Then
cookie.Expires = ticket.Expiration
End If
Response.Cookies.Add(cookie)
Response.Redirect(smsPortal)
in the web.config:
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" enableCrossAppRedirects="true" domain="mydomain.com.jo" loginUrl="http://..." protection="All" path="/"/>
</authentication>
Kindly advice us what is the difference between IIS in local PC and the Server.
Thanks.
It is highly likely that the browser is not sending the authentication cookie from the first site to the second site. Check the cookie path and the domain. Both sites must be on the same domain, and the cookie path must be set to a common root.
See this link for more details:
Cookie Domains and Paths
To aid in troubleshooting, use a utility such as Fiddler or Firebug to view the cookies being sent in the request, and verify that the authentication cookie set by site 1 (where the user logged in) is also being sent to site 2.
If the sites aren’t on the same server, also check if they are using the same machineKey configuration.