Cross app on subdomain form authentication not working | ansaurus

tags:

forms-authentication

views:

18

answers:

1

Q:

Cross app on subdomain form authentication not working

Hello, We've been investigating this issue for a week now. We have two applications deployed in two servers. domain.com.cz/app1 sub.domain.com.cz/app2

They do have the same validationKey, decryptionKey, and validation properties in machineKey section.

They also have the same domain in forms authentication, also enableCrossAppRedirects="true" and cookieless="UseCookies".

They have been sharing authentication for years already, but now its not working. As told by sys ads, there were no server config happened prior to the problem.

What other check items should we scan? Thank you.

A:

The first thing to check is whether the cookie is sent to the second subdomain. You could use FireBug for this.

If the cookie is sent there could be various reasons for authentication not working:

Different versions of the .NET framework (IIRC in .NET 4.0 they changed encryption algorithms)
Differences in security patches installed? There are some KB patches for .NET that modify the encryption algorithms.

Darin Dimitrov 2010-10-27 08:55:03

You hit it Darin! One server has security patch while the other has none. Thank you! :)

2010-10-29 06:49:08

related questions

ASP.NET Membership: Login Controls Source Code

ASP.NET Login to a Website with Forms Authentication vs None

Avoid losing PostBack user input after Auth Session has timed out in ASP.NET

ASP.NET Login Page Styles

What is the purpose/meaning of the Version property on a FormsAuthenticationTicket?

.NET forms authentication cookie not accessible in another application

How to change FormsCookieName at runtime in ASP.NET

How to get current user in Asp.Net MVC

Can't set FormsAuthenicationTicket.UserData in cookieless mode.

How do you implement a "Logout" link using ASP.NET MVC?

Examples of asp.net mvc and authentication

Login.aspx always wants to be my home page!

In ASP.Net, can we create an application with its own Web.Config and Forms Authentication section inside another application using Forms Authentication?

How secure is basic forms authentication in asp.net?

Inheriting a base class

FormsAuthentication selective to url

What is the best workaround for the ASP.NET forms authentication timeout problem when using wildcard mapping?

Context.User losing Roles after being assigned in Global.asax.Application_AuthenticateRequest

How do I logout of multiple asp.net applications?

[ASP.NET] Conditional Redirect on Login

Bypass Forms Authentication auto redirect to login, How to?

How do I filter nodes of TreeView and Menu controls with sitemap data sources based on user permissions?

How do I best handle role based permissions using Forms Authentication on my ASP.NET web application?

How do I keep my Login.aspx page's ReturnUrl parameter from overriding my ASP.NET Login control's DestinationPageUrl property?

How do I use ASP.NET Login Controls when my Login.aspx is not at the root of my application?