Form Authentication woes, calling http handler on app2 from app1 not authenticating

Question

I have 2 asp.net web applications.

http://app1.local/

and

http://app2.local/

App2 has a httpHandler that takes in some credentials, and logs the user in using forms authentication.

FormsAuthentication.SetAuthCookie(cookieUserName, createPersistentCookie);
HttpCookie authCookie = context.Response.Cookies[FormsAuthentication.FormsCookieName];

I run this directly in my browser and when I open up another page on app2, I am logged in just fine.

The problem:

On app1 I have a login page, that does a httpwebrequest to the httpHandler on app2. For some reason, when I login with the same credentials and then go to app2 I am not logged into the app2 website.

Why is this?

Answer 1

Do they have the same cookie name? (FormsAuthentication.FormsCookieName) If they do they might be overwritting each other.

The fact that the credentials are the same is irrelevant (I think). Because they are two different apps/sites they don't have an explicit trust relationship between them - users need to authenticate themselves directly (not surprising). So if the same Forms Authentication cookie is being overwritten your previous authentication is lost.