One test webserver, with the following applications
service.ganymedes.com:8008 - WCF RESTful service, basically the FormsAuth sample from WCF Starter Kit Preview 2
mvc.ganymedes.com:8008 - ASP.NET MVC 2.0 application
web.config for service.ganymedes.com:
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="2880" domain="ganymedes.com" name="GANYMEDES_COOKIE" path="/" />
</authentication>
web.config for mvc.ganymedes.com:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" domain="ganymedes.com" name="GANYMEDES_COOKIE" path="/" />
</authentication>
Trying my darndest, a GET (or POST for that matter) via jQuery's $.ajax or getJson does not send my cookie (according to Firebug), so I get HTTP 302 returned from the WCF service:
Request Headers
Host service.ganymedes.com:8008
User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729)
Accept application/json, text/javascript, */*
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
Referer http://mvc.ganymedes.com:8008/Test
Origin http://mvc.ganymedes.com:8008
It's sent when mucking about on the MVC site though:
Request Headers
Host mvc.ganymedes.com:8008
User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729)
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
Referer http://mvc.ganymedes.com:8008/Test
Cookie GANYMEDES_COOKIE=0106A4A666C8C615FBFA9811E9A6C5219C277D625C04E54122D881A601CD0E00C10AF481CB21FAED544FAF4E9B50C59CDE2385644BBF01DDD4F211FE7EE8FAC2; GANYMEDES_COOKIE=D6569887B7C5B67EFE09079DD59A07A98311D7879817C382D79947AE62B5508008C2B2D2112DCFCE5B8D4C61D45A109E61BBA637FD30315C2D8353E8DDFD4309
I also put the exact same settings in both applications' web.config files (self-generated validationKey and decryptionKey).
On WCF binding config, the FormsAuth example doesn't have an explicit <bindings>
element, but I've added this:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true">
<baseAddressPrefixFilters>
<add prefix="http://service.ganymedes.com:8008" />
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
</system.serviceModel>
or the service wouldn't bind at all. I can use the same data URI as I use in the jQuery call directly in the browser, it'll send the cookie and WCF will return data. I just can't seem to use it in a cross sub-domain call and include the auth cookie.