Fog Creek Software
Discussion Board

Welcome! and rules

Joel on Software

ASP.NET Single Sign-On

Web applications using Forms authentication do not automatically share user authentication across virtual directories.
Is there a strategy of how to implement single sign-on without using passport-like PKI/redirect-based technologies? This is overkill since the web applications that should share common user authentication run on the same web farm / database.
A possible solution is to provide a sign-on ticket as a url parameter each time the user jumps from one web application to the other. Once the user hits a new web application with this ticket, a Forms authentication cookie is issued.
Do you know better solutions?

Friday, March 7, 2003


Take a look at this article, it describes the problem from the other side, ie, when you don't want two vdirs to have the same forms authentication.;en-us;q313116

Basically you need to make sure that the cookie name and path are the same.

Joao Paulo Carreiro
Friday, March 7, 2003

*  Recent Topics

*  Fog Creek Home