Multiple site login problem

Anirban Halder asked on November 25, 2016 07:09


I have two site for different-2 domain running under same instance of Kentico.My requirements are
1) if i logged in one site and when change site from CMSDesk's dropdown to move to another site it should login automatically.
2) i also want if i loggoed on a site as a user if i open another site on same browser it should login automatically on second site.

I have done -

1 - Settings=> Site=> global=> Security and membership => Administration and checked the check box for "Automatically sign-in user when site changes".

2 - Checked check box for "Share user accounts on all sites" under General category

3 - Also i have assign both site to my user account.

if i login as administrator in cmsdesk my 1st requirement is working but not as normal user and my second requarement is not working.



Recent Answers

Richard Sustek answered on November 25, 2016 13:12

Can you make sure that your "normal" users are Assigned to both sites?

3 votesVote for this answer Mark as a Correct answer

Peter Mogilnitski answered on November 25, 2016 15:04

if you have 2 different domains like and - This is more issue of CORS (cross origin resource sharing). It is related to the browser security and the way it works. If a user trying logins to siteA - you want to login him to and at the same time. From the browser prospective you issue authentication cookies for 2 domains - that normally won't work due to the single origin policy, but you can find a way around it by adding proper headers to your response/request.

Assuming you have web.config for siteA (although in you case it is probably shared web.config) To make it work for siteB you should put something like this in your web.config :

    <remove name="X-Powered-By" />
    <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
    <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS,PUT,DELETE" />
<add name="Access-Control-Allow-Origin" value="" />
<add name="Access-Control-Allow-Credentials" value="true" />

These custom headers will instruct the browser that it can accept cookies for but a user is on the domain. There are some issue down the road: you can only one Access-Control-Allow-Origin in web.config. There are ways to solve it (google it, stackoverflow will save your day). Access-Control-Allow-Credentials - will let issue cookie for siteB. You probably do not need all the verbs in Access-Control-Allow-Methods. Anyway this will get you started.

1 votesVote for this answer Mark as a Correct answer

Anirban Halder answered on November 25, 2016 18:59

Hi Richard, I already assigned all users to both site.

0 votesVote for this answer Mark as a Correct answer

Anirban Halder answered on November 25, 2016 19:01

Hi Peter, I will follow your instructions and let you know.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.