views:

16

answers:

1

I have a base web site (Asp.net WebForms application) running under ie.

http://localhost:90/

Then I created a new (this time Asp.net MVC) application and added it under

http://localhost:90/mvc/

but not just as a simple virtual folder, but as an application folder by defining a different application pool to run it, compared to the parent application.

Since browsers can't know that there are two different application basically on the same domain it would work like:

  1. user accesses http://localhost:90/
  2. parent app redirects the user to forms authentication screen
  3. user successfully logs in
  4. parent web adds an authentication cookie
  5. user accesses http://localhost:90/mvc
  6. browser attaches the same cookie from parent app

Is it possible that I authenticate the user based on this same cookie? I would configure my MVC application to login redirect to parent app to have a shared authentication screen. But I'd like to know who authenticated and work from that point on.

I've read something about sharing the same system.web/machineKey values to provide this kind of functionality, but I would like some real world examples.

I'm aware that these two applications will not be able to share Session state and that's not a problem, because I don't want them to. All I want is a kind of single login (SSO/SSS)

Is this possible? How?

Important

I've read other questions/answers about this, but they are either asking about cross-domain/cross-server etc. This one is on the same IIS web site.

A: 

I found it myself.

This is the article on MSDN that talks exactly about this scenario. I decided to keep this question anyway for anyone that would be chasing the same information some time later.

http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx

Robert Koritnik