Monday, January 17, 2011

Configuring forms authentication across applications

To enable forms authentication across multiple applications, you have to set up forms authentication with the same name, protection and path in all the applications that will be collaborating.

The following is an example of the configuration\system.web\authentication node in the web.config of each application.

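<authentication mode="Forms">
  <!-- name, protection and path must be identical in every collaborating application -->
  <forms loginUrl="login.aspx"
         name=".ASPXFORMSAUTH" protection="All"
         path="/" timeout="30" />
</authentication>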


Moreover, you will have to modify the machineKey element in the web.config (under the section configuration\system.web) of each application and remove the IsolateApps modifier that is declared in the default machine.config.

If your applications are located on the same server or farm, then you may leave validationKey="AutoGenerate" and decryptionKey="AutoGenerate". Otherwise, you will have to specify a common validationKey and decryptionKey that will be shared among the applications. This way, each and every application will be able to validate the authentication cookie set during the authentication process.

One final thing to keep in mind is that you'll have to set up the same membership provider on all your applications in order to have access to the same users.
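The settings above can be checked mechanically before deployment. The following is an added example, not code from the original post: a small Python script that compares the forms and machineKey settings of several web.config files and reports mismatches or a leftover IsolateApps. The application labels (AppA, AppB), the sample configs and the function names are constructed for illustration, and the configs are assumed to declare no XML namespace.

```python
import xml.etree.ElementTree as ET

FORMS_ATTRS = ("name", "protection", "path")      # must match in every application
KEY_ATTRS = ("validationKey", "decryptionKey")    # must yield the same keys

def read_settings(xml_text):
    """Pull the cross-application settings out of one web.config (no XML namespace assumed)."""
    web = ET.fromstring(xml_text).find("system.web")
    forms = web.find("authentication/forms") if web is not None else None
    key = web.find("machineKey") if web is not None else None
    found = {a: forms.get(a) if forms is not None else None for a in FORMS_ATTRS}
    found.update({a: key.get(a) if key is not None else None for a in KEY_ATTRS})
    return found

def check_apps(configs):
    """configs maps an application label to its web.config text; returns a list of findings."""
    parsed = {app: read_settings(text) for app, text in configs.items()}
    findings = []
    for attr in FORMS_ATTRS + KEY_ATTRS:
        values = {app: s[attr] for app, s in parsed.items()}
        if len(set(values.values())) > 1:
            # Key material is never echoed into the report, only the fact of a mismatch.
            detail = "" if attr in KEY_ATTRS else f": {values}"
            findings.append(f"{attr} differs between applications{detail}")
    for app, s in parsed.items():
        for attr in KEY_ATTRS:
            if s[attr] is None:
                findings.append(f"{app}: {attr} not set, machine.config default applies")
            elif "isolateapps" in s[attr].lower():
                findings.append(f"{app}: {attr} uses IsolateApps")
    return findings

# Constructed sample input: two hypothetical applications, AppB misconfigured on purpose.
APP_A = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" protection="All" path="/" timeout="30" />
  </authentication>
  <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate" />
</system.web></configuration>"""
APP_B = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="login.aspx" name=".APPB" protection="All" path="/" timeout="30" />
  </authentication>
  <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate" />
</system.web></configuration>"""

if __name__ == "__main__":
    for finding in check_apps({"AppA": APP_A, "AppB": APP_B}):
        print(finding)
```

The script only compares what each web.config declares; it cannot tell whether two applications with AutoGenerate keys actually run on the same server.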

There is a very good article named “Configuring Forms Authentication Across Applications” on MSDN where you can see a full config example.

