Forms Authentication across Sub-Domains on local IIS

Question

I know a cookie can be shared across multiple subdomains using the setting

<forms 
    name=".ASPXAUTH" 
    loginUrl="Login/" 
    protection="Validation" 
    timeout="120" 
    path="/"     
    domain=".mydomain.com"/>

in Web.config. But how to replicate same thing on local machine. I am using windows 7 and IIS 7 on my laptop. So I have sites localhost.users/ for my actual site users.mysite.com localhost.host/ for host.mysite.com and similar.

Answer 1

localhost.users and localhost.host is cross domain. Cookies cannot be shared cross domain.

You could configure it like this so that the sub-domain differs but the root domain stays the same:

• users.localhost
• host.localhost

Now set the cookie domain in your web.config to localhost:

domain=".localhost"

and in your c:\Windows\System32\drivers\etc\hosts file add the following 2 entries:

127.0.0.1 users.localhost
127.0.0.1 host.localhost

Now you will be able to successfully share the authentication cookie between users.localhost and host.localhost.

Ah, and don't forget to put a step in your automated build process that will transform your web.config value to the correct root domain before shipping in production.

Answer 2

This is a reminder for anyone running in Framework 4.5 and trying to share the token with frameworks 4 and lower, please notice that this will cause you not to receive the auth cookie on any of the 4 and lower apps. ie: if in your web.config you have:

<httpRuntime maxRequestLength="80480" targetFramework="4.5" />

You can get it to work by removing the targetFramework="4.5" attribute to get it to work, though I don't know if there are any side effects in doing so:

<httpRuntime maxRequestLength="80480" />