Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Forms Authentication across Sub-Domains

Is it possible to authenticate users across sub-domains when the authentication takes place at a sub-domain instead of the parent domain?

For example:

User logs into site1.parent.com, and then we need to send them to reporting.parent.com.

Can I authenticate them to the reporting site even though the log-in occured at a sub-domain?

So far all of the research I have done has users logging into the parent domain first and then each sub-domain has access to the authentication cookie.

like image 349
Miyagi Coder Avatar asked Mar 03 '09 20:03

Miyagi Coder


People also ask

Which namespace allows us to use forms authentication?

The FormsAuthentication class in the System. Web. Security namespace provides assorted methods for logging in and logging out users via the forms authentication system.

How does Forms authentication work in asp net?

Form Authentication is a token-based system. When users log in, they receive a token with user information that is stored in an encrypted cookie. When a user requests an ASP.NET page via the browser, the ASP.NET verifies whether the form authentication token is available.


1 Answers

When you authenticate the user, set the authentication cookie's domain to the second-level domain, i.e. parent.com. Each sub-domain will receive the parent domain's cookies on request, so authentication over each is possible since you will have a shared authentication cookie to work with.

Authentication code:

System.Web.HttpCookie authcookie = System.Web.Security.FormsAuthentication.GetAuthCookie(UserName, False); authcookie.Domain = "parent.com"; HttpResponse.AppendCookie(authcookie); HttpResponse.Redirect(System.Web.Security.FormsAuthentication.GetRedirectUrl(UserName,                                                                         False)); 
like image 60
jro Avatar answered Sep 27 '22 22:09

jro