We're currently migrating a portion of intranet apps to MojoPortal(an open source cms app). MP uses FormsAuth by default and we've set it to authenticate against our current Active Directory store.
All that being said, we are looking to automatically log in users from the current system to the new system to create a seamless experience. New system(mojo) residing on a different server than the current system. Both live under the same "company.com" domain, with different subdomains.
Mojo, checks authentication via a FormsAuthentication cookie that is created when a user logs in through the mojo interface. We're looking to recreate this functionality remotely. I realize FormsAuth is based on MachineKey and lives inside a single IIS Web Instance, but am curious for any ideas the community may have.
The current "best" guesses we've come up with here are:
Create a WCF web service that lives in a virtual directory under the mojo site, accepts a username/password and creates the cookie. This is untested as we are unsure if this will actually affect the client.
Redirect the user to an intermediate page under mojo which accepts a username/password and creates the cookie, after which redirects the user again to the desired mojo page.
This does use MojoPortal as a provider, but the real issue is how to create a FormsAuthentication cookie remotely.
Additional background info:
Current system already authenticates against the same AD store, so there is no concern over creating cookies for users that are non-existent. Both servers lie in the same AD domain(they're physically next to each other). The current system's source code is available to us and able to be modified as well.