G
Graham Wert
Let me describe my setup a little before I get into the problem. I
have two web servers (www.mydomain.com and www2.mydomain.com) using
Forms Authentication. On each web server I have a main application
for authentication and numerous sub-apps. It looks kind of like this:
www.mydomain.com
|__MainApp (.Net 2.0)
|__SubApp1 (.Net 1.1)
|__SubApp2 (.Net 2.0)
|__SubApp3 (.Net 2.0)
www2.mydomain.com
|__MainApp (.Net 2.0)
|__SubApp1 (.Net 1.1)
|__SubApp2 (.Net 2.0)
|__SubApp3 (.Net 2.0)
As you can see, I'm running a mix of .Net 1.1 and 2.0 applications on
the same server. Now I've been trying to come up with a Single Sign-
On (SSO) solution that works with this setup and I've partially
succeeded. Because the domain attribute in the <forms /> tag is
incompatible with .Net 1.1 (it causes the apps to throw an exception),
I decided to programmatically set the domain of the forms
authentication cookie generated. This works fine and I can navigate
between the two servers without having to login again. The problem
occurs when the server tries to reissue/renew the cookie and update
its expiration with slidingExpiration enabled. The cookie I generate
gets created with "mydomain.com" as the domain, but when the server
tries to reissue it with a new expiration, it can't find it and
generates a brand new cookie with "www.mydomain.com" as the domain.
Is there anyway to have the server properly reissue the original
cookie with the custom domain?
have two web servers (www.mydomain.com and www2.mydomain.com) using
Forms Authentication. On each web server I have a main application
for authentication and numerous sub-apps. It looks kind of like this:
www.mydomain.com
|__MainApp (.Net 2.0)
|__SubApp1 (.Net 1.1)
|__SubApp2 (.Net 2.0)
|__SubApp3 (.Net 2.0)
www2.mydomain.com
|__MainApp (.Net 2.0)
|__SubApp1 (.Net 1.1)
|__SubApp2 (.Net 2.0)
|__SubApp3 (.Net 2.0)
As you can see, I'm running a mix of .Net 1.1 and 2.0 applications on
the same server. Now I've been trying to come up with a Single Sign-
On (SSO) solution that works with this setup and I've partially
succeeded. Because the domain attribute in the <forms /> tag is
incompatible with .Net 1.1 (it causes the apps to throw an exception),
I decided to programmatically set the domain of the forms
authentication cookie generated. This works fine and I can navigate
between the two servers without having to login again. The problem
occurs when the server tries to reissue/renew the cookie and update
its expiration with slidingExpiration enabled. The cookie I generate
gets created with "mydomain.com" as the domain, but when the server
tries to reissue it with a new expiration, it can't find it and
generates a brand new cookie with "www.mydomain.com" as the domain.
Is there anyway to have the server properly reissue the original
cookie with the custom domain?