I have a base web site (Asp.net WebForms application) running under ie.
http://localhost:90/
Then I created a new (this time Asp.net MVC) application and added it under
http://localhost:90/mvc/
but not just as a simple virtual folder, but as an application folder by defining a different application pool to run it, compared to the parent application.
Since browsers can't know that there are two different application basically on the same domain it would work like:
- user accesses
http://localhost:90/
- parent app redirects the user to forms authentication screen
- user successfully logs in
- parent web adds an authentication cookie
- user accesses
http://localhost:90/mvc
- browser attaches the same cookie from parent app
Is it possible that I authenticate the user based on this same cookie? I would configure my MVC application to login redirect to parent app to have a shared authentication screen. But I'd like to know who authenticated and work from that point on.
I've read something about sharing the same system.web/machineKey
values to provide this kind of functionality, but I would like some real world examples.
I'm aware that these two applications will not be able to share Session state and that's not a problem, because I don't want them to. All I want is a kind of single login (SSO/SSS)
Is this possible? How?
Important
I've read other questions/answers about this, but they are either asking about cross-domain/cross-server etc. This one is on the same IIS web site.