Running Multiple ASP.NET Applications Using Forms Authentication on the Same Server

Some days ago after uploading this very blog application to my server, I found that running multiple ASP.NET applications using Forms Authentication on the same server can cause undesired side effects concerning the authentication of users.

Every time I signed in to another application running on this same server, I was redirected to the login page when trying to access my blog's administration area. I re-entered my credentials and successfully signed in to my blog again but, at the same time, I was logged out of the other application. What's wrong with two applications running on the same server, both using Forms Authentication?

I did a little research and learned that Forms Authentication requires a uniquely named cookie for each application to correctly store the corresponding authentication ticket. The default name for this cookie is .ASPXAUTH which is used by both applications if not specified otherwise. The cookie name can be specified within an application's web.config file in the following section:

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/Admin/Account/SignIn" name=".ASPXAUTH_Blog" />
  </authentication>
  <!-- ... -->
</system.web>

By setting a different value for the name property for each application running on the same server, Forms Authentication correctly manages the different applications' authentication tickets in parallel.

Use the coupon code LAUNCHDAY for $10 off!

Learn ES6

5 Comments

Pancho

Great article! this was very helpful for me Regards

Craig

Perfect! Solved my problem, awesome!! Thanks!

Michael

Thank you so much! I had a huge headache with some intranet apps and login systems and this solved it.

Edward

Very helpful article, had issues with cross authorization, now resolved thanks to you !!

Uikro

Dude, you rock!! Thanks