|
Single sign-on is supported for the following scenarios:
Forms Authentication
You are using Forms authentication and you need to share user identity across applications that run on the same domain and all of them use the standard ASP.NET 2.0 Forms authentication. You need to ensure that:
| 1. | All applications use the same user database or at least the same user names. You may need to integrate the authentication using a custom security handler.
|
| 2. | The web.config file of all applications uses the same authentication cookie name and the path is set to "/": |
<forms name=".ASPXFORMSAUTH" path="/" ... />
| 3. | The web.config file of all applications uses the same machine key that is used for cookie encryption. You can find the machine key in the <system.web> section and it's defined like this: |
<machineKey validationKey="ABCD0708...." decryptionKey="DDFF8943...." validation="SHA1" />
| 4. | If your applications run on different sub-domains, such as www.mywebsite.com and forums.mywebsite.com, you need to set the domain attribute of the authentication cookie to the main domain so that it's shared across domains: |
<forms name=".ASPXFORMSAUTH" path="/" domain=".mywebsite.com" ... />
Windows Authentication
You are using Windows authentication. In this case, the user identity is shared within the Windows domain. No additional configuration is required.
|