views:

186

answers:

2

I have a problem with membership authentication. I have two websites, website1 and website2, and both of them uses forms authentication with SQL membership provider (SQLEXPRESS). I have two scenarios:

Case 1:

don't publish the website1 and try to login website1 with user1 -->Works ok don't publish the website2 and try to login --> it displays the previously logged in user (Website1 user)-->Perfect

Case 2:

publish the website1 and login-->works ok publish the website2 and try to login--> it does not show up the site1's logged in user (No idea why)

then login into website2 and open website1-->it does not show up the website2 logged in user or any user...

It looks like something wrong with cookies....

my web.config looks like this:

<authentication mode="Forms">
      <forms loginUrl="~/LogOn/LogOn" timeout="2880" protection="All"/>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
    <membership>
      <providers>
        <clear />
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="/" />
      </providers>
    </membership>

Please let me if you have any ideas on this...

thanks, swetha

A: 

you need to establish the same machineKey for each website. generate one here

and place this element in both web.config and see how it goes.

also, the application names must be the same. see this

also you may want to enable enableCrossAppRedirects

...
<system.web>
  ...
  <machineKey 
validationKey="36DFB653C93BE95D70071E2033069338CC8AB908B75639BDEACE846838D9455B7926BA0C50CFDD4F8361643C200913244C3DBC14482895FC05B5CE6B8F24F2A2"
decryptionKey="AC737C3E32A594AB50EF38C3BB40537A4794F2E638D859898368BD1B35A5FF81"
validation="SHA1" decryption="AES"
/>

  ...
</system.web>
...
Sky Sanders
when i did include the machine key it works for single user.like both websites works fine for the same user. but i can not have two different users on two websites is it?
swetha
A: 

Thanks Skysander!! but i tried those settings...my web.config in both websites looks like this..

    <membership>
        <providers>
            <clear/>
            <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="App1"/>
        </providers>
    </membership>

in my IIS Configuration FormsAuthentication is enabled and the cookie mode is set to Autodetect...

swetha
complete config...<authentication mode="Forms"> <forms loginUrl="~/LogOn/LogOn" timeout="2880" enableCrossAppRedirects="true" /> </authentication>
swetha