Single Login Session Between Websites

Single sign-on or login allows user to login from one site or another and authentication happens only once per active session. Without this mechanism, it would be annoying to the user whenever he wants to switch between website and prompted again to login.

In ASP.NET, to implement single sign-on or login between websites on same domain with different subdomain, do the following:



In the web.config of both projects, change the authentication node to this:

<authentication mode="Forms"> <forms name="SampleAuth" loginUrl="/TestWebApp2/Test.aspx" slidingExpiration="true" /> </authentication> 

Change the loginUrl to be that of your login page. Then change the authorization node in the web.config to be this:

<authorization> <deny users="?" /> </authorization> 

In your login page code, when you've authenticated the user, do this:

System.Web.Security.FormsAuthentication.RedirectFromLoginPage("Jun", true); 

Now, in your other web application (Webapp2 for example), you can get at the
username ("Jun" in this case), by using:

System.Web.HttpContext.Current.User.Identity.Name 

You'll also need to change the machinekey node in your machine.config (on both website), specifying not generate different keys for different apps. Change it to something like this:

<machineKey validationKey="35735679267934518456825687653568905 6434617489465" decryptionKey="35735679267934518456825687653568905 6434617489465" validation="SHA1"/> 

You need to provide your own values for the machine keys. There are some tools that can generate keys for you, click here to launch the key generator made by one of codeproject contributor.