Home > ASP.NET > Authenticate Multiple Applications using Single Forms Authentication in ASP.NET / Form Authentication Across multiple Applications

Authenticate Multiple Applications using Single Forms Authentication in ASP.NET / Form Authentication Across multiple Applications

Hi Geeks,

Today I came across a situation where i needed to authenticate more than 3 applications using single forms Authentication , I had  the structure of my applications on IIS as follows :



As you see in the above Hosting Structure I have one Main Login Application and

I have to authenticate the application 1,2,3 from the MainLogin application which is at root level and rest of the applications are on sub roots.

At start i thought it would be very critical to do this but Microsoft made it so easy that it wont take so much efforts.

First You need to add the following code to Web.Config file the  MainLogin Application

  1. <authentication mode="Forms">
  2.       <forms loginUrl="login.aspx"></forms>
  3.     </authentication>
  5.     <machineKey validationKey="45AC1CA923F4DC8E5AE294064AFD7810FFB178B21D747B32D3A4765BFA27F892318589A59F09B08C704051504D74969F2EDADBD51CE489343C2A3CF834DEA9D6"
  6.                 decryptionKey="917CF306390024BBDBC94817A22506FDB19123D88D159B524345CB4022895BB8" validation="SHA1"
  7.                 decryption="AES" />


-> Important Note : Dont Ignore…

Paste the same code to the Web.Config file of all the applications with same machine key,validation key,deception key otherwise it wont work.

If you are adding other forms authentication parameters like name ,Protection,path,domain,timeout , you should add same parameters with same values in Web.Config file of all applications.

To Configure the Machine key for the application see Configure Machine key

-> So the main Question here is HOW did it WORK????

1) Whenever user sends  request to the server it always checks for the .ASPXAUTH Cookie.

Note : .ASPXAUTH Cookie is the cookie which is generated by the the logon page creates a cookie that contains a forms authentication ticket that is set for the session only if you are using  ASP.NET inbuilt Login Control otherwise you need to generate the ticket using following code

Add Authentication Ticket
  1. if (Membership.ValidateUser(userName.Text, password.Text))
  2. {
  3.     if (Request.QueryString["ReturnUrl"] != null)
  4.     {
  5.         FormsAuthentication.RedirectFromLoginPage(userName.Text, false);
  6.     }
  7.     else
  8.     {
  9.         FormsAuthentication.SetAuthCookie(userName.Text, false);
  10.     }
  11. }
  12. else
  13. {
  14.     Response.Write("Invalid UserID and Password");
  15. }

So whenever user successfully log in using Main Login Application it will generate the .ASPXAUTH Cookie with Forms Authentication Ticket which contains all the credentials for the authentication and this cookie is used by the other applications to start their authenticated session.


Hope This Will Help You Smile

Categories: ASP.NET
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: