Fog Creek Software
Discussion Board




Welcome! and rules

Joel on Software

ASP.NET Single Sign-On

Web applications using Forms authentication do not automatically share user authentication across virtual directories.
Is there a strategy of how to implement single sign-on without using passport-like PKI/redirect-based technologies? This is overkill since the web applications that should share common user authentication run on the same web farm / database.
A possible solution is to provide a sign-on ticket as a url parameter each time the user jumps from one web application to the other. Once the user hits a new web application with this ticket, a Forms authentication cookie is issued.
Do you know better solutions?

Alex
Friday, March 07, 2003

Hi.

Take a look at this article, it describes the problem from the other side, ie, when you don't want two vdirs to have the same forms authentication.

http://support.microsoft.com/default.aspx?scid=KB;en-us;q313116

Basically you need to make sure that the cookie name and path are the same.

Joao Paulo Carreiro
Friday, March 07, 2003

*  Recent Topics

*  Fog Creek Home