How to do Forms Authentication Across Applications in asp.net mvc

Question

How to do Forms Authentication Across Applications in asp.net mvc

Lets say that two websites www.xyz.com and www.abc.com.

I have to use same user credentials for both the sites. If i redirect one app to another then it wont ask to sign in.

Answer 1

If the applications are hosted on the same domain (for example http://foo.example.com and http://bar.example.com) you could perform Single Sign On by simply setting the domain property of the authentication cookie in your web.config and configuring the same machine keys. The scenario is detailed in this article.

For cross domain SSO, there's much more to be done as you cannot use cookies. So when passing from AppA to AppB you could send the authentication token value (POST or GET) and have AppB decrypt it and emit an authentication cookie on its own domain. Of course in order to decrypt it, both applications must have the same machine keys configured. The scenario is detailed in this article.

Answer 2

how about implementing a single sign on service? such that when you log in, you call the service using AJAX and retrieve the user session token. you just pass the user session token to the other site so that you may validate it and use the same user.